Needless to say, there are plenty of scams on Facebook. Whether it’s fake giveaways, like-farming pages, phishing attacks or spam links, you only need to scroll through your newsfeed for a few moments before you come across something suspicious.
A portion of these scams are initiated via a simple friend request. You log in, and that red number appears over your Contacts icon at the top of your newsfeed.
Of course it could be a legitimate request from someone you know wanting to be a Facebook friend. Or it could be the beginning of any of the following five scams….
Number 5 happened to me this past weekend, thus the motivation to prepare this article. I’ve also included some info at the end of this article, referring to an easy-to-follow graphic, to help YOU fix this type of problem.
- Facebook Profile Cloning Scam – If the Facebook request comes from someone you know, and in fact are already friends with on Facebook, then alarm bells should already be ringing, because this could be a cloning scam.
Facebook profile cloning scams (a.k.a. Friend Imposter scams) are surprisingly effective yet simple to execute. A scammer searches for a Facebook profile with a friends list that is public to anyone. Most people do not make their friends list private, so the scammer has plenty of profiles to choose from.
The scammer then copies both the profile name and profile picture of the account they pick – both of which are also public – and creates a brand new account with that information, thus creating a clone account. If the Facebook account targeted by the scammer has any other public photos, the scammer may well upload those photos to the new cloned account as well.
From there the scammer sends friend requests to the friends of the account they cloned, in the hope that a number of them will accept the request, thinking that the friend has either created a new account or that they were accidentally deleted and are being duly re-added.
Once an invitation has been accepted the scammer can now see information on that account only intended for friends. Any number of scams can be carried out on the person who accepted the friend request, such as the “Friend in Crisis” scam, or any of the following three scams on this list.
Always verify friend requests before accepting, and make your friends list private so scammers don’t pick your account and impersonate you to your friends.
- Malware linker – Most typically these friend requests will appear to come from an attractive member of the opposite sex. The scam itself is rather rudimentary (unless combined with the above Facebook cloning scam for a more personal touch): the scammer sends you an unsolicited friend request and, if it is accepted, follows that up by sending you links to malicious websites that will attempt to install malware onto your computer when visited.
Either that or you’ll be sent to a survey scam, which harvests personal information by luring you into completing intrusive questionnaires. If you’re fooled into downloading a suspicious file to your computer, run an antivirus scan right away.
- Phishing linker – Very much like the above malware linker, the stranger you just accepted (again often posing as a member of the opposite sex – or again it may be combined with the Facebook cloning scam) will send you links to spoof phishing websites.
Typically these sites will be designed to look like the Facebook login page, asking for your Facebook username and password, which are then duly sent to the scammer, compromising your Facebook account.
- The “Looking for Love” Romancer – Finding love on the Internet is increasingly common, and this fact is exploited by scammers who target the lonely and vulnerable. This scam can be initiated on dating websites, through email, or on social media websites like Facebook. Scammers locate profiles to target and send a friend request. Once the victim accepts the friend request, the scammer sends them messages in an attempt to strike up a romantic relationship online, with the ultimate goal of gaining the victim’s trust.
Once that trust has been established, the scammer will use one of a number of techniques to attempt to extort money from the victim. For example, the scammer will tell the victim they want to visit but cannot afford transportation costs, or that they need money for emergency medical bills, or money for equipment that will allow them to keep in contact with the victim.
- The Identity Thief – Many of us share plenty of information with our friends: photos, birthdays, home towns and a plethora of statuses containing a variety of personal information about us. And while this information can look innocuous and harmless, if it falls into the wrong hands it can be an identity thief’s treasure chest.
If you accept the friend request of a stranger, or a stranger posing as a friend, then they can accumulate a lot of information about you based on what you continually upload onto the site. This information can be used to compromise other online accounts, create new accounts in your name and just generally impersonate you on the Internet or even in real life.
Identity theft is serious and can take victims years to recover from. So always make sure that your Facebook friends are who they say they are, and never share too much information on your accounts, just in case someone does compromise your account.
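For the phishing linker (scam 3 above), what gives a fake login page away is its address, not its appearance. The Python sketch below is an added example, not part of the original article, showing how a link's real host can be checked before a password is typed; the single trusted domain and all sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as the real login site.
TRUSTED_DOMAINS = {"facebook.com"}


def classify_link(url: str) -> str:
    """Return 'genuine', or a short reason why the link should not be trusted."""
    try:
        parts = urlsplit(url.strip())
        # hostname is the part a browser actually connects to, lower-cased.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "malformed URL"
    if not host:
        return "no host in URL"
    if parts.scheme != "https":
        return "not HTTPS"
    # Anything before '@' is login info, not the site: the real host follows it.
    if parts.username is not None:
        return "userinfo before '@' hides real host " + host
    # Punycode labels can render as letters that only look like the brand name.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode (possible look-alike characters)"
    for domain in TRUSTED_DOMAINS:
        # The leading dot matters: without it a host that merely ends in the
        # same letters as the trusted domain would pass.
        if host == domain or host.endswith("." + domain):
            return "genuine"
    # The brand appears somewhere in the name, but the site belongs to someone else.
    if any(domain.split(".")[0] in host for domain in TRUSTED_DOMAINS):
        return "brand name inside unrelated host " + host
    return "unrelated host " + host


# Constructed sample links (not taken from any real message).
SAMPLE_LINKS = [
    "https://www.facebook.com/login",
    "https://facebook.com.account-verify.example/login",
    "https://www.facebook.com@203.0.113.7/login",
    "http://www.facebook.com/login",
    "https://xn--fcebook-2fg.example/login",
    "https://photos.example/album",
]


def review(links):
    """Map each link to its verdict."""
    return {link: classify_link(link) for link in links}


if __name__ == "__main__":
    for link, verdict in review(SAMPLE_LINKS).items():
        print(f"{verdict:60} {link}")
```

Only the first sample is classified as genuine; every other link is rejected with the reason that applies to it.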
Dispelling a myth
There are plenty of real scams on Facebook, but there are also plenty of myths. One such myth is the fallacy of friend requests that can “hack” your computer or “erase your hard drive”, along with other types of pseudo-jargon drivel that sound more akin to Hollywood’s take on computer security.
As you can see from the list above, there are plenty of scams that can be initiated by a simple friend request. But don’t be confused. There is no such thing as magical hackers that can do anything they please by merely being accepted as a friend on Facebook. Friend requests can initiate a scam but they still require the victim to take further actions, such as giving away too much information, or by visiting a dangerous website.
Have you been the target or victim of ransomware-wielding attackers? If so, your government needs you to come forward.
So says the FBI in a new public service announcement aimed at both individuals and businesses. The FBI says the effort is designed to get “victims to report ransomware incidents to federal law enforcement to help us gain a more comprehensive view of the current threat and its impact on U.S. victims.”
The bureau says that while anecdotal reports of crypto-locking attacks abound, it needs more precise information about attackers – ranging from the ransomware variant to the attacker’s bitcoin address – to help it pursue, disrupt and potentially arrest suspects. “While ransomware infection statistics are often highlighted in the media and by computer security companies, it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement,” the FBI’s alert says.
The bureau has previously asked victims of everything from tech support scams to CEO fraud to come forward in efforts that parallel outreach by European law enforcement and security experts.
Security experts say that even if law enforcement agencies cannot act on every criminal report they receive, having victims come forward serves several essential purposes:
•Intelligence: Reporting crime gives law enforcement agencies a more accurate picture of attackers’ techniques so that they can attempt to track and ultimately disrupt them.
•Funding: Crime reports also help law enforcement agencies gauge the scale of the problem so they can devote sufficient resources as well as secure needed funding from legislators or other policymakers.
•Arrests: Amassing intelligence on cybercrime gangs helps investigators better correlate gangs’ activities, thus potentially helping them unmask and pursue the individuals involved as their attacks generate more clues. The FBI has previously noted that “much of the infrastructure being used by cybercriminals is hosted overseas,” and that it often works with international law enforcement agencies.
FBI Seeks 9 Data Points
The FBI is asking anyone who’s been the victim of a ransomware infection to file a report with the local FBI field office or via the website of the Internet Crime Complaint Center, or IC3. That’s a joint partnership between the FBI, the National White Collar Crime Center and the Bureau of Justice Assistance, which was set up to receive and investigate internet-related crime complaints.
Here’s the exact information being sought by the bureau:
•Date of infection;
•Ransomware variant, as identified on the ransom page or by the encrypted file extension;
•Victim company information – industry type, business size;
•How the infection occurred – link in email, browsing the internet, etc.;
•Requested ransom amount;
•Attacker’s bitcoin wallet address – often listed on the ransom page;
•Ransom amount paid, if any;
•Overall losses associated with a ransomware infection, including the ransom amount;
•Victim impact statement.
Please Don’t Pay
In its public service request, the FBI again urges anyone who’s suffered a ransomware infection to never pay ransoms because it helps criminals refine their attacks and snare even more victims.
“Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom,” the FBI says. “Paying a ransom emboldens the hacker to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain.”
The FBI also notes that business realities may, of course, influence some organizations to pay the ransom. “While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees and customers.”
Legal experts say there appears to be no way for U.S. law enforcement agencies to prosecute anyone who pays a ransom, even if the money ends up in the hands of an individual or organization on the U.S. Treasury Department’s sanctions list, provided victims employ an intermediary. I’ve been told that some organizations are setting up such plans as well as stockpiling bitcoins in the event that they do fall victim to a related attack.
Anti-Ransomware Portal Offers Help
Some victims, however, can get the equivalent of a “get out of jail for free” card, thanks to ongoing efforts by security researchers to crack attackers’ weak crypto or otherwise exploit code-level flaws in attack code.
One related effort, the public/private No More Ransomware portal, says that since launching in July, it’s enabled 822 CoinVault and 941 Shade ransomware victims to decrypt their data for free.
While that’s good news, as the FBI noted earlier this year in an intelligence memo, don’t count on decryptors always being available, because they rely on attackers making coding errors. “Since the most sophisticated ransomware variants are practically impossible to defeat without obtaining the actor’s own private decryption keys, the FBI has focused on performing significant outreach to educate the public on ransomware and the importance of keeping backups and maintaining a level of operational security when using a computer,” the FBI’s memo states.
Here’s some more scary info. Looks like one can start their own online ransomware business now with ZERO investment and very little effort: Ransomware-as-a-Service
Cerber Ransomware Earns Over $2 Million with as little as 0.3% of victims paying up!
A new report from Check Point Software’s researchers showed that Cerber’s Ransomware-as-a-Service (RaaS) affiliate program is a resounding success with more than 160 participants at current count, and that the combined direct sales plus affiliates was almost 200K in July, despite a victim payment rate of just 0.3%. That puts it on track to earn $2.3 million this year, said Maya Horowitz, group manager of threat intelligence at Check Point.
Aspiring criminal affiliates create their own campaigns using the Cerber platform and keep 60 percent of the profits. They also have access to user-friendly management tools, Cerber’s Bitcoin laundering architecture, and obviously the malicious code itself. Eight brand new Cerber ransomware campaigns are launched every day!
This means that there will be more and more such services, more and more attacks, even more than today. Just this week Symantec reported on a new RaaS that competes with Cerber. The new ransomware — dubbed Shark — is currently available for no charge in underground forums. Novice hackers that use the tool to extort money from victims pay only a 20% cut to the Shark developers.
Check Point researchers identified the IP addresses that infected machines used for data traffic with their C&C servers. They were also able to easily identify that the bad guys are probably based in or near Russia.
Currently, there are no infections in Russian-speaking countries, and in the configuration of the ransomware the authors chose, by default, not to operate on machines or PCs that have Russian as their default language. This is obviously another indication of the hackers’ physical location.
This is a tried-and-true strategy of not getting picked up by the FSB, today’s equivalent of the KGB. As long as you don’t hack inside Russia’s borders, the Russian security forces leave you alone.
Follow The Money
What is interesting is that Check Point was able to extract the exact Bitcoin wallets assigned to every victim so that they could track the percentage of people who actually paid the ransom. The next step was to “follow the money” to one ultimate final central wallet through a network of other wallets that are part of Cerber’s Bitcoin architecture.
They followed these hundreds of thousands of different wallets. This is the first time that security researchers can say for sure what percentage of victims pay the ransom.
The percentage of people who actually pay ransoms was surprisingly low compared to earlier estimates by other researchers, but it still pays off handsomely. A small team of four or five specialized cyber criminals can make between $300,000 and $400,000 each per year, which is at least 10 times more than they could earn in any legitimate enterprise where they live.
So with the extraordinary amounts of money that can be made using these Ransomware-as-a-Service programs, we can all expect them to continue to grow and thrive in today’s internet security environment.
A simple method to “help” circumvent this particular attack vector would be to log into your hardware-based firewall/router (you do have a hardware firewall, right?) and block all incoming WAN traffic from Russian-based IP addresses. You should probably block IP addresses that originate from China at the same time.
If the founders of a new face recognition app get their way, anonymity in public could soon be a thing of the past. FindFace, launched two months ago and currently taking Russia by storm, allows users to photograph people in a crowd and figure out their identities, with 70% reliability.
It works by comparing photographs to profile pictures and in the future, the designers imagine a world where people walking past you on the street could find your social network profile by sneaking a photograph of you, and shops, advertisers and the police could pick your face out of crowds and track you down via social networks.
In the short time since the launch, FindFace has amassed 500,000 users and processed nearly 3m searches, according to its founders.
Unlike other facial recognition technology, their algorithm allows quick searches in big data sets. Three million searches in a database of nearly 1 billion photographs: that’s hundreds of trillions of comparisons. With this algorithm, you can search through a billion photographs in less than a second from a standard desktop computer. The app will give you the most likely match to the face that is uploaded, as well as 10 people it thinks look similar.
The technology can work with any photographic database, though it currently cannot use Facebook, because even the public photographs are stored in a way that is harder to access. I’m sure it’s just a matter of time before this challenge is resolved. We might even see Facebook leading the charge if they see a way to monetize this technology.
Some security analysts have sounded the alarm about the potentially disturbing implications. The app has already been used by a St Petersburg photographer to snap and identify people on the city’s metro line.
But the FindFace app is really just a shop window for the technology, the founders said. There is a paid function for those who want to make more than 30 searches a month, but this is more to regulate the servers from overload rather than to make money. They believe the real money-maker from their face-recognition technology will come from law enforcement and retail.
The pair claims they have been contacted by police departments in other regions, who told them they started loading suspect or witness photographs into FindFace and came up with results. “It’s nuts: there were cases that had seen no movement for years, and now they are being solved,” said Kabakov.
The startup is in the final stages of signing a contract with Moscow city government to work with the city’s network of 150,000 CCTV cameras. If a crime is committed, the mugshots of anyone in the area can be fed into the system and matched with photographs of wanted lists, court records, and even social networks.
It does not take a wild imagination to come up with sinister applications in this field; for example being able to tag and identify participants in street protests, sporting events or any large group or gathering in places where CCTV cameras are installed.
The pair also has big plans for the retail sector. Kabakov imagines a world where cameras identify you looking at, say, a stereo in a shop, the retailer finds your identity, and then targets you with marketing for stereos in the subsequent days.
Again, it all sounds more than a little disturbing. In today’s world we are constantly surrounded by gadgets. Our cell phones, iPads, tablets, televisions, fridges, everything around us is sending real-time information about us to the internet. We already have large data files on people’s movements, their interests and so on, cataloged on massive internet servers around the world – next they’ll be matching our interests to our photographs and perhaps when a camera picks us up on the street – everyone will know exactly where we are. Now we can really kiss our privacy goodbye.
From the Washington Post: https://www.washingtonpost.com/news/morning-mix/wp/2016/05/18/russias-new-findface-app-identifies-strangers-in-a-crowd-with-70-percent-accuracy/
Interesting thought…. FREE Wi-Fi from Facebook? There are over a BILLION people with Facebook accounts and Facebook wants to interact with all of them.
Would you check in on Facebook in exchange for free Wi-Fi at a hotel, restaurant, retailer or your doctor’s office? That’s the pitch Facebook has cooked up to hook its social network into companies big and small.
Here’s potentially the next big security / privacy intrusion. Facebook wants businesses to provide FREE Wi-Fi to their customers as long as the customer checks in using their Facebook credentials.
When customers check in to use a business Wi-Fi, their friends can discover the business by seeing the check in on their news feed. After checking in, people will be asked if they also want to like the business page so you can continue to connect with them on Facebook.
For Facebook, the Wi-Fi-with-check-in initiative is part of a broader plan to attack the local market by encouraging merchants to set up and maintain Pages on the social network. Participating merchants will get additional distribution with each check-in, receiving exposure that could help bring in more customers or inspire more “likes.” They’ll also benefit from aggregate, anonymous demographic data such as age, gender, and interests on customers who sign in to Facebook Wi-Fi, and can then use that data for targeting purposes in whatever Facebook advertising campaigns they run.
In essence, Facebook, which is not profiting directly from any revenue share through the partnership, hopes to attract more merchants that go on to buy ads. The idea is also to become a formidable player in local search, an area where everyone from Google and Yahoo to Yelp and Foursquare are competing for attention and advertising dollars.
This would appear to be a good thing for business owners but what does the consumer get out of it? Not much beyond the Wi-Fi access except perhaps that it’s a real time report of where a person is at any moment in time.
A friend of ours recently “checked in via Facebook” to use the FREE Wi-Fi at a car dealer and didn’t realize how that information would be used. All of a sudden, he got a text message from another friend asking – “hey… are you looking for a new car?”
Let’s take this a bit further – how about your doctor or dentist office offering the same Facebook Wi-Fi access? (Remember, Facebook is trying to get EVERY business signed up for this.) Now everyone you know on Facebook and their “friends” will know exactly where you are for the next hour or so. Does that thought scare you just a little? It’s like checking into a restaurant while traveling in another state – announcing to the Facebook world that you’re not home – so maybe it’s a good time to come by your house and rattle a door or window.
Whatever the reasoning behind Facebook Wi-Fi, there’s no question that millions of people will find the prospect of free Wi-Fi too good to pass up, which raises a number of privacy issues. What does it mean when you link your Facebook account to your browsing history, especially when merchant and social network would seemingly benefit from knowing more about you?
Social media is getting more intrusive each and every day. It’s up to you and me to protect our privacy and physical location when we’re out and about on our daily rounds. If a local business offers you FREE Wi-Fi just for logging in with your Facebook account – think twice about it. If you really need Wi-Fi access while you’re sitting in a waiting room somewhere, ask them for their guest access code.
RING Video doorbell
An internet-connected doorbell isn’t a new idea. The Doorbot of a few years ago was clunky and ugly, but the concept was good: someone rings your doorbell, your smartphone beeps and buzzes, and with a tap, you can initiate a video chat with the visitor. It doesn’t matter if you’re in the kitchen, at the office, or on vacation in the mountains. You can talk to them and see them. They can hear you, but they can’t see you. If it’s a delivery, you can give the guy permission to leave a package and instructions on where to stash it.
The Ring Video Doorbell offers a more refined and comprehensive approach. It adds motion sensing, so it can alert you via your phone when somebody walks through your yard or onto your porch. It also records video and audio of each event (a ringing of the bell or a motion detection) and stores it in the cloud for later review.
The Ring unit costs $199, and you can easily install it yourself. Below the 180-degree camera eye is a circular button surrounded by an LED ring. At the bottom is a speaker allowing you to chat with your friendly FedEx or UPS driver. The companion app is a free download, as is the user account that lets you access the Ring’s features. The cloud storage runs $3 per month or $30 per year.
The Ring Video Doorbell doesn’t offer a live video feed or the ability to constantly record footage, but Ring does say it will allow remote camera access at some point in the future, so you can take a peek out your doorbell even when nothing triggers the camera.
Knock, Knock, Who’s There?
All the tools necessary for installation are included—even caulk and a miniature level. Before you mount the Ring, you charge it using USB (you’ll probably have to take it down and recharge it once per year) and connect it to your Wi-Fi network, which happens through the smartphone app. (Ring is set to release their next generation doorbell that would go in place of your current wired bell.)
When someone presses the button on Ring, your smartphone begins to, well, ring. The same goes for the unit itself—it rings to let the person at your door know something is happening. Opening the notification brings up a live video feed, where you can Reject or Accept the invitation to interact.
Bodies in Motion
Using motion sensors built into the camera, Ring can alert you when someone is at your door before they even press the doorbell. This is especially useful when the UPS or FedEx driver leaves a package and refuses to ring your doorbell. Also, before the button is even pressed, Ring detects motion at your door and begins recording video. This makes it possible to view what happened at your door before the bell was pressed. This video recording feature can provide you with the peace of mind in knowing any activity at your door is being recorded – well worth the minimal monthly fee. Not to mention, you can download any of the videos to your mobile device for easy sharing with family members, or in the hopefully unlikely case where it’s necessary, the authorities.
Video of how the Ring Video Doorbell works: https://www.youtube.com/watch?v=f9TRo7JDxFg
Check out their product line: https://ring.com/products
The U.S. Department of Homeland Security has issued a warning to remove Apple’s QuickTime for Windows. The alert came in response to Trend Micro’s report of two security flaws in the software, which will never be patched because Apple has ended support for QuickTime for Windows.
Computers running QuickTime are open to increased risk of malicious attack or data loss, US-CERT warned, and remote attackers could take control of a victim’s computer system. US-CERT is part of DHS’ National Cybersecurity and Communications Integration Center.
“We alerted DHS because we felt the situation was broad enough that people having unpatched vulnerabilities on their system needed to be made aware,” said Christopher Budd, global threat communication manager at Trend Micro. “The only mitigation available is to uninstall QuickTime for Windows,” US-CERT’s alert said.
Instructions from Apple can be found here: https://support.apple.com/en-us/HT205771
Apple has not discontinued security updates for QuickTime on Apple computer systems – just Windows-based systems. It is not clear why Apple made the decision to end Windows support.
Zero Day Warning
Trend Micro’s Zero Day Initiative learned about the vulnerabilities from researcher Steven Seeley of Source Incite, who is named in the warning. ZDI then issued advisories detailing the critical vulnerabilities:
• The Apple QuickTime moov Atom Heap Corruption Remote Code Execution vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime. The problem first came to ZDI’s attention late last year. The number of users at risk is unknown at this time.
• The QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability allows an attacker to write data outside of an allocated heap buffer by providing an invalid index.
Software makers regularly retire applications, so it’s not unusual that QuickTime would be vulnerable. However, it was odd that Apple did not issue a public statement about ending its support for QuickTime for Windows and that the software was still available for download.
Increasing Software Vulnerability
QuickTime joins a growing list of software that is not supported any longer. That list includes Microsoft Windows XP and Oracle Java 6, which means users of those operating systems increasingly will be vulnerable to attack.
DHS didn’t have any comment to add to its alert, said spokesperson Scott McConnell, who referred questions to Apple. Apple did not respond to requests to comment for this story.
The warnings come amid recent reports about computer system vulnerabilities, including one issued just a few days ago about a vulnerability in Adobe’s Flash Player that could leave computers open to ransomware, which can lock up entire systems until an attacker is paid to release control.
When you’re on Facebook, do you ever get the feeling that you’re being watched? An ad pops up that’s right up your alley, or three new articles show up in your feed that are similar to something you’ve just recently clicked on.
Sometimes it seems like Facebook knows you personally, and that’s because it does. It has algorithms that track what you like, watch and click on. Facebook uses this information to target ads to users on behalf of its paid advertisers.
Facebook itself isn’t the only culprit. Tons of companies use Facebook’s platform as a way to track you. In fact, right now there are probably dozens of companies that are watching your posts, storing your profile information and more, without you even realizing it.
How did this happen in the first place? When Facebook first started out, people rushed to join because of the many perks that it offered. One of those perks, and probably the most appealing, was the fact that Facebook was entirely ad-free. You could use the service to connect with family and friends without being bothered by someone trying to sell you something.
Well, like they say, “All good things must come to an end.” Eventually, Facebook began selling ads like everyone else. And that’s when everything changed.
People realized that Facebook provided a treasure trove of information for advertisers. By clicking “like” users were telling companies exactly what they wanted — more of this, less of that. This led to the big data tracking we now see.
Three sneaky ways companies are tracking you:
Most people understand that Facebook is tracking their preferences whenever they use the app. But few realize they’re being tracked in other ways too. And that’s what these third-party companies are banking on. If you don’t know you’re being tracked, then you won’t ask them to stop.
Here are three things to watch out for.
1: Facebook apps: This is when you receive a request to play a Facebook game your friends are obsessed with, and you decide to sign up. If you’ve ever done this before, then you’ve allowed that app developer to track you. These third-party apps integrate with your Facebook profile and can ask Facebook for permission to pull various personal data, from your work history to timeline posts. And although you can edit what information they can access, very few people do.
2: Facebook logins: When you visit a site that says “Log in with Facebook,” and you do, you’re letting that company track you.
3: Friends’ apps monitoring you: Even if you didn’t download an app, your Facebook settings may allow apps your friends have installed to also see YOU. It’s pretty scary.
You might be wondering why this even matters, and how it really impacts you personally. The easiest way to answer those questions is to point out all of those big data breaches you hear about almost daily. Hackers rarely waste time on individuals these days. They’ve got much bigger fish to fry. Large retailers, for example – or the databases where these third-party companies store the information they’ve gathered. That’s why everyone should take these steps to protect their private information.
Some Options To Help Stop The Tracking Madness:
Review and edit installed apps: To see what apps you’ve installed over the years, open Facebook in your browser, click the down arrow in the upper right corner and select “Settings.” Then click on the “Apps” header in the left column.
To see what information an app is accessing, click the pencil icon next to any of the apps to see and edit the settings. The first setting lets you set who can see that you use the app. It defaults to “Only Me,” so it isn’t a big deal. Below it, however, is another story.
In the case of Skype, for example, it pulls your public profile information along with your list of friends, email address, birthday and hometown.
Remember that this information is being stored on a third-party server. Not every app developer is going to have Microsoft-level security, and hackers are good at turning tiny pieces of stolen information into big gains.
If you want to keep using the app, you can deselect certain items, such as your email address. Be aware that this won’t remove the information from the app developer’s servers. If you change your email address in the future, however, the developer won’t get the new one.
Remove apps you don’t use: If you don’t want to use the app anymore, you can click the “Remove app” link at the bottom of the page. Just remember that this won’t automatically remove your information from the app developer’s servers. For that you’ll need to contact the app developer directly. Facebook has a link for more information on this under the “Remove info collected by the app” section in the app’s settings.
Turn off apps completely: If you’ve deleted all the apps, and you’re not keen on accidentally installing more in the future, you can turn off the app platform completely. Just note you won’t be able to install apps or log in to third-party sites using Facebook until you turn this back on.
To turn off the app platform, go back to the App Settings page. Under “Apps, Websites and Plugins,” click the “Edit” button. At first, this just looks like a way to disable app notifications and invites from other people, which is a big help on its own. However, you’ll want to click the “Disable Platform” link in the bottom left corner.
Facebook gives you their standard warning about what disabling the platform does. If you’re OK with it, click the “Disable Platform” button. Unfortunately, this won’t remove information that app developers might have collected about you already.
Stop logging into sites using Facebook: In the future, when you’re adding an app or logging into a website, try to avoid logging in with your Facebook account. But if you must use Facebook to log in, look for the “Log in Anonymously” or “Guest” option so it won’t share your information.
Stop friends’ apps from seeing your info: Apps can still get your information through your friends. As your friends install apps, those apps can request permission to get info about you.
To put a stop to this, go back to the App Settings page. Then under “Apps Others Use” click the “Edit” button. You’ll see everything that your friends’ apps can see about you. Go through and uncheck every option listed on the page, and then click “Save.” Now companies can’t track new information about you.
It’s up to each of us to monitor and maintain what information we want shared with others. I’m sure you’ll be very surprised when you log in and check your Facebook app settings.
People who don’t want to pay for Netflix services can buy stolen log-in credentials on the black market for rock-bottom prices, Symantec reports.
The online security company said it found advertisements and software aimed at cheapskate streamers, though it didn’t mention the names of the shady sites and forums.
Netflix Logins For Sale. The ads, which show Netflix logins for sale for as little as a quarter each, proudly display guarantees of “freshly cracked” accounts. They also ask their “customers” not to spoil the fun by changing passwords or messing with payments, either of which would alert the paying user to the fact that their account has been breached.
It is, of course, illegal — these are stolen accounts, gathered through nefarious means like malware and phishing. But since Netflix takes a laissez-faire approach to sharing accounts, paying users could easily be watching shows at the same time as someone who bought their login for a quarter on the Dark Web.
Netflix CEO Reed Hastings has said in the past that he doesn’t consider password sharing a big problem, and as long as the user base keeps growing (the service just passed 65 million subscribers globally), this common practice is likely to stay that way.
Sharing your Netflix log-in? Turns out you might not be the only one who lets a friend or family member log into your Netflix account. In fact, if you don’t, you’re in the minority, according to a poll of over 5,000 Netflix users conducted by Global Web Index.
Only 35 percent of users claimed to be the sole user of the account — 30 percent shared it with one other person, 16 percent with two people, and 19 percent shared it with three or more.
Netflix has plans that permit multiple streams to multiple screens at once, which means they’re fine with accounts being shared to a certain degree. Two spouses and a kid watching a movie shouldn’t require three accounts, of course — but spreading the login among four or five friends might be something the company would like to stop.
Could your account be on one of these lists? It’s hard to say, but one easy way to check is to look at your recently watched shows. If you see a lot you don’t recognize and don’t seem like your style (or that of anyone you share with), you might want to change your password. That simple action will immediately stop your account from being used by others without your permission.
“Internet of Things” security is badly broken and getting worse. The Shodan search engine is only the latest reminder of why we need to fix IoT security.
Shodan, a search engine for the Internet of Things (IoT), recently launched a new section that lets users easily browse vulnerable webcams.
The feed includes images of marijuana plantations, back rooms of banks, infants and children in their homes, kitchens, living rooms, garages, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores. The cameras are vulnerable because they use the Real Time Streaming Protocol (RTSP, port 554) to share video but have no password authentication in place. Shodan crawls the Internet at random looking for IP addresses with open ports. If an open port lacks authentication and streams a video feed, the new script takes a snap and moves on.
While the privacy implications here are obvious, Shodan’s new image feed also highlights the dismal state of IoT security, and raises questions about what we are going to do to fix the problem.
Of course insecure webcams are not exactly a new thing. The last several years have seen report after report hammer home the point. In 2013, the FTC sanctioned webcam manufacturer TRENDnet for exposing “the private lives of hundreds of consumers to public viewing on the Internet.” Today it’s estimated that there are millions of such insecure webcams connected and easily discoverable with Shodan. That number will only continue to grow.
So why are things getting worse and not better? Webcam manufacturers are in a race to gain market share. Consumers do not perceive value in security and privacy and have not shown a willingness to pay for such things. As a result, webcam manufacturers slash costs to maximize their profit, often on narrow margins. Many webcams now sell for as little as $20.
The problem: Consumers are saying we’re not supposed to know anything about this cybersecurity stuff and the manufacturers don’t want to lift a finger to help users because it costs them money.
If consumers were making an informed decision and that informed decision affected no one but themselves, perhaps we could let the matter rest. But neither of those conditions is true. Most consumers fail to appreciate the consequences of purchasing insecure IoT devices. Worse, such a quantity of insecure devices makes the Internet less secure for everyone. What botnet will use vulnerable webcams to launch DDoS attacks? What malware will use insecure webcams to infect smart homes? You may remember the story from November about 2008-era malware, Conficker.B, affecting police body cams in 2015. It threatens not just the reliability of recorded police activity but also serves as a transmission vector to attack other devices.
The bigger picture here is not just personal privacy, but the security of IoT devices. As we expand that connectivity, when we get into systems that affect public safety and human life—medical devices, the automotive space, critical infrastructure—the consequences of failure are higher than something as shocking as a Shodan webcam peering into the baby’s crib.
FTC to the Rescue? When it comes to strong-arming manufacturers, government entities like the US Federal Trade Commission (FTC) may be able to help. Maneesha Mithal, associate director of the FTC’s division of privacy and identity protection, was quick to mention several examples where the organization went after at-fault companies. In recent years according to Mithal, the FTC has prosecuted more than 50 cases against companies that did not reasonably secure their networks, products, or services.
The FTC takes action against companies engaged in deceptive or unfair business practices, she explained. That includes IoT manufacturers who fail to take reasonable measures to secure their devices.
In addition to the enforcement action against TRENDnet, the FTC also issued security best practices for IoT manufacturers back in January 2015, urging them to build in security at the design phase rather than bolting it on as an afterthought. These practices could include a “defense-in-depth” strategy to mitigate risks, pushing security patches to connected devices for the duration of the product life cycle, and so on.
As consumers of IoT products it’s our responsibility to learn about the individual security and password settings for the devices we use and secure them to the best of our ability. Just don’t rely on the manufacturer to protect you – they probably won’t.