Tag Archive for FB

Bad Day at LinkedIn

It’s been a bad day for LinkedIn (LNKD). LinkedIn users have been the victims of two security and privacy blunders on the same day. First, the LinkedIn mobile app for iOS devices is sending potentially confidential private and business information to the company’s servers without the users’ knowledge.

Help Net Security reports that security researchers Yair Amit and Adi Sharabani at Skycure Security identified the security hole. According to the researchers, the flaw lies in calendar syncing, which collects data from all the calendars (private and corporate) on the iOS device.

“The app doesn’t only send the participant lists of meetings; it also sends out the subject, location, time of meeting and more importantly personal meeting notes, which tend to contain highly sensitive information such as conference call details and passcodes,” the researchers point out in the article. “…this information is collected and transmitted to LinkedIn’s servers; moreover, this action is currently performed without a clear indication from the app to the user, thus possibly violating Apple’s privacy guidelines.”

The first response from LinkedIn’s spokeswoman Nicole Perlroth appears to minimize the issue and blame the users for the privacy breach: she told Help Net Security that the feature is opt-in, and said nothing about whether the company will update the app to stop this privacy snafu from happening in the future. (Looks like LinkedIn updated the app and broke it, according to reviews in the Apple App Store.) This was reinforced by Joff Redfern, Mobile Product Head at LinkedIn, on the LinkedIn blog, where he also pointed out that the information-harvesting app is an opt-in feature. He claims that the information collected is not stored or shared. LinkedIn did change the LinkedIn app for Google (GOOG) Android so it no longer sends data from Droids to LinkedIn. There was no information in the article on whether LinkedIn plans to change the Apple iOS app.

But wait it gets worse…

LinkedIn also lost 6.5 million accounts today. They were, however, found on a Russian forum. LinkedIn has confirmed on its blog that there are “compromised accounts.” Cameron Camp, Security Researcher at ESET, commented on the leak for Help Net Security:

“The difference with this hack … is that people put their REAL information about themselves professionally on the site not just what party they plan on attending, ala Facebook and others …  mess with somebody’s professional profile, and you’re messing with their life, and their contacts know about it.”

rb-

I wrote about the value of different credentials here and here.

I am wondering about the timing of the two security problems for LinkedIn. Could they be related? Were attackers using the Apple iOS app as an attack vector? After all, we know that Apple loves to collect personal info on its customers.

Action Items:

  • Toggle off the “Add Your Calendar” option in the Sync Calendar feature of the LinkedIn app on your Apple iOS devices.
  • Immediately change your LinkedIn password and any accounts that share the same password.
  • Be on the lookout for phishing campaigns that might leverage the incident.
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Internet of Things

The Internet of Things is a world where everything can be approached both analogically and digitally. It reformulates our relationship with objects (things) as well as the objects themselves. Any object that carries an RFID tag relates not only to you but also, through being read by an RFID reader nearby, to other objects, relations or values in a database. In this world, you are no longer alone, anywhere.

The Machines Are Talking a Lot

Cisco’s Visual Networking Index Global Mobile Data Traffic Forecast Update, 2011-2016 reports that Internet traffic continues to grow at unprecedented rates. Cisco says that the second leading source of Internet traffic will be Internet of Things devices.

The networking giant says the source will be machine-to-machine communications, or “M2M.” Brian Bergstein at MIT’s Technology Review says to think of sensors in cars and in appliances, surveillance cameras, smart electric meters, and devices still to come, monitoring the world and reporting to each other and to centralized computers what they’re detecting. The chart below, reprinted from the Cisco report, shows just how extreme the jump in machine-to-machine communications could be. Cisco says M2M will grow, on average, 86 percent a year, reaching 508 petabytes a month, or half a billion gigabytes, by 2016.

New ARM chip for Internet of Things

ARM (ARMH), the semiconductor company whose chip technology powers most modern smartphones, has come up with a chip for the Internet of Things (IoT). Om Malik at GigaOM reports that the Cortex-M0+ is an energy-efficient chip, optimized for use in everything from connected lighting to power controls to other home appliances. In a press release, the company explains:

The 32-bit Cortex-M0+ processor … consumes just 9µA/MHz … around one-third of the energy of any 8 or 16-bit processor available today, while delivering much higher performance …[to] enable the creation of smart, low-power microcontrollers to provide … wirelessly connected devices, a concept known as the ‘Internet of Things.’

At GigaOM’s Mobilize 2011 event ThingM CEO Mike Kuniavsky said that “ubiquitous network connectivity, cloud-based services, cheap assembly of electronics, social design, open collaboration tools, and low-volume sales channels create an innovation ecosystem that is the foundation for an Internet of things.”

GigaOM says Freescale and NXP (NXPI), both major suppliers to the automotive and home automation industries, have signed up for the new ARM Internet of Things chip technology. Freescale and NXP have locations in the Farmington Hills, MI area.

A new chip for the Internet of Things

Om Malik at GigaOm recently noted that Atheros, a division of Qualcomm (QCOM), launched a new very-low-power Wi-Fi chip. The AR4100P is focused on the “Internet of Things.” He predicts that soon there might be Wi-Fi in everything around us, including Samsung’s (005930) Wi-Fi-enabled washing machines, which Malik wrote about earlier.

According to the blog, the new “highly integrated 802.11n single-stream Wi-Fi system-in-package with integrated dual IPv4 IPv6 networking stack” is focused on smart home and building controls and appliances. Atheros and other chip companies such as ARM are betting that the Internet of Things will prove to be a new giant market opportunity.

rb-

The new Atheros chip also includes an IPv6 stack as well as 802.11n to give end-to-end control of your home appliances.

Related articles
  • Marvell chip makes appliances and LED lights ‘smart’ (ces.cnet.com)

The Web Connected Smelly Robot

The Internet of Things now has smell-o-vision from Olly. Olly takes services on the Internet and delivers their pings as smells, according to its website. Whether it’s a tweet or a like on Instagram, Olly will be sure to let your nose know about it. Olly was developed by Mint Foundry, a graduate design lab at Mint Digital dedicated to exploring the potential of web-connected objects.

It is possible to change Olly’s smells in an instant. It has a removable section in the back which can be filled with any smell you like. It could be essential oils, a slice of fruit, your partner’s perfume, or even a drop of gin.

Olly is stackable, so if you have more than one, you can assign each one to a different service with a different smell. Connect one to Twitter and another to your calendar. Before you know it, you’ll have a networked Internet smell center, claims the website.

Olly is not yet in production, but Mint is glad to offer the source files to anyone who’s got a 3D printer and a nose for adventure.

Social Media Biggest Risk in 2012

The Security Labs over at Websense (WBSN), a provider of Web, data, and email content security, have used the Websense ThreatSeeker Network, which provides real-time reputation analysis, behavioral analysis, and real data identification, to announce their picks for the top IT security threats for 2012. Social media is the #1 risk in 2012.

1. Websense says that stealing, buying, and trading credit card and Social Security numbers is old news. They say that your social media identity may prove more valuable to cybercriminals than your credit cards.

Today, your social identity may have greater value to the bad guys because Facebook (FB) has more than 800 million active users. More than half of FB users log on daily, and they have an average of 130 friends. Trust is the basis of social networking, so if a bad guy compromises social media logins, the security firm says there is a good chance they can manipulate your friends. (Stacy Cowley at CNN Money has an excellent article on how this can work with LinkedIn (LNKD).) Which leads to their second prediction.

2. According to Websense, the primary attack vector of most 2012 advanced attacks will blend social media “friends,” mobile devices, and the cloud. In the past, advanced persistent threats (APTs) blended email and web attacks. In 2012, the researchers believe advanced attacks could use emerging technologies like social media, cloud platforms, and mobile. They warn that blended attacks will be the primary vector in most persistent and advanced attacks of 2012.

3. The San Diego, CA-based firm says to expect increases in exposed vulnerabilities for mobile devices in 2012. They predict more than 1,000 different variants of exploits, malicious applications, and botnets will attack smartphones or tablets. Websense security investigators predict that a new variant of malware for mobile devices will appear every day.

The Internet security firm stresses that application creators need to sandbox their apps. Without sandbox technology, malware will be able to get access to banking and social credentials as well as other data on the mobile device, including work documents and any cloud applications on that handy device. The firm believes that social engineering designed specifically to lure mobile users to infected apps and websites will increase. Websense predicts the number of mobile device users that fall victim to social engineering scams will explode when attackers start to use mobile location-based services to design hyper-specific geolocation social engineering attempts.

4. SSL/TLS will put net traffic into a corporate IT blind spot. Two trends are increasing traffic over SSL/TLS secure tunnels for privacy and protection. First, the disruptive growth of mobile and tablet devices is moving packaged software to the cloud and distributing data to new locations.

Second, many of the largest, most commonly used websites, like Google (GOOG) Search, Facebook, and Twitter, have switched their sites to default to HTTPS sessions. This may seem like a positive, since it encrypts the communications between the computer and the destination. But as more traffic moves through encrypted tunnels, Websense correctly says that many traditional enterprise security defenses (like firewalls, IDS/IDP, network AV, and passive monitoring) will be left looking for a threat needle in a haystack, since they cannot inspect the encrypted traffic. These blind spots offer a big doorway for cybercriminals to walk through. (We have started to battle this as we move from a POC system from McAfee to another vendor’s modern content filter, which shall remain nameless but was just bought out; we haven’t solved it yet, and the NoSSLSearch for GOOG still needs some work.)

5. For years, security defenses have focused on keeping cybercrime and malware out (also called M&M security: hard on the outside, soft and chewy on the inside). The Websense Security Lab team says that there’s been much less attention on watching outbound traffic for data theft and evasive command and control communications. The researchers say hacking and malware are behind most data theft; they estimate that more than 50 percent of data loss incidents happen over the web. This is aggravated by delayed DLP deployments as vendors use traditional, overly excessive processes like data discovery (designed to over-sell professional services?).

In 2012, organizations will have to stop data theft at corporate gateways that detect custom encryption, geolocations of web destinations, and command and control communications. The security firm predicts organizations on the leading edge will add outbound inspection and will focus on adapting prevention technologies to be more about containment, severing communications, and data loss mitigation after an initial infection.
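As an added illustration of the outbound inspection Websense describes (example code, not from Websense or the article), this Python script applies two of the heuristics named above, clockwork beaconing and custom-encrypted payloads, to constructed proxy records; the hostnames, addresses and request bodies are all made up.

```python
import math
from collections import defaultdict
from statistics import mean, pstdev

# Constructed outbound proxy records (not from the article): epoch seconds, client, destination, method.
PROXY_LOG = """\
1325404800 10.1.1.5 news.example-site.test GET
1325404807 10.1.1.5 news.example-site.test GET
1325405150 10.1.1.5 news.example-site.test GET
1325405155 10.1.1.5 news.example-site.test GET
1325404800 10.1.1.9 cdn-stat.example-c2.test POST
1325405101 10.1.1.9 cdn-stat.example-c2.test POST
1325405399 10.1.1.9 cdn-stat.example-c2.test POST
1325405700 10.1.1.9 cdn-stat.example-c2.test POST
"""

# Constructed POST bodies per destination, as a content-inspecting gateway would capture them;
# bytes(range(256)) * 16 stands in for a custom-encrypted blob, whose byte frequencies are flat.
BODY_SAMPLES = {
    "news.example-site.test": b"q=internet+of+things&page=2&sort=newest",
    "cdn-stat.example-c2.test": bytes(range(256)) * 16,
}

def parse_log(text):
    """Group request timestamps by destination host (fields: ts client dst method)."""
    by_dst = defaultdict(list)
    for line in text.splitlines():
        ts, _client, dst, _method = line.split()
        by_dst[dst].append(int(ts))
    return {d: sorted(t) for d, t in by_dst.items()}

def beacon_cv(timestamps):
    """Coefficient of variation of inter-request gaps; near 0 means clockwork beaconing."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 3 or mean(gaps) == 0:
        return None  # too few requests to judge
    return pstdev(gaps) / mean(gaps)

def shannon_entropy(data):
    """Bits per byte: form data sits well below 6, ciphertext approaches 8."""
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def flag_outbound(log_text, bodies, max_cv=0.1, min_entropy=7.0):
    """Map each destination to the reasons it looks like C2 (empty list = clean)."""
    findings = {}
    for dst, ts in parse_log(log_text).items():
        reasons = []
        cv = beacon_cv(ts)
        if cv is not None and cv < max_cv:
            reasons.append("regular beacon (gap CV %.3f)" % cv)
        ent = shannon_entropy(bodies.get(dst, b""))
        if ent >= min_entropy:
            reasons.append("high-entropy body (%.2f bits/byte)" % ent)
        findings[dst] = reasons
    return findings
```

Real gateways would feed these checks with far longer histories and tune the thresholds against known-good traffic; the two heuristics are the point, not the cut-off values.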

6. The London Olympics, U.S. presidential elections and Mayan calendar apocalyptic predictions will lead to broad attacks by criminals. SEO poisoning has become an everyday occurrence. The Websense Security Labs still see highly popular search terms deliver a quarter of the first page of results as poisoned.

The researchers expect that as the search engines have become savvier on removing poisoned results, criminals will port the same techniques to new platforms in 2012. They will continue to take advantage of today’s 24-hour, up-to-the-minute news cycle, only now they will infect users where they are less suspicious: Twitter feeds, Facebook posts/emails, LinkedIn updates, YouTube video comments, and forum conversations. Websense recommends extreme caution with searches, wall posts, forum discussions, and tweets dealing with the topics listed above, as well as any celebrity death or other surprising news from the U.S. presidential campaign.

7. Scareware tactics and the use of rogue anti-virus will stage a comeback. With easy-to-acquire malicious tool kits designed to cause massive exploitation and compromise of websites, rogue application crimeware will reemerge, Websense says. Except, instead of seeing “You have been infected” pages, they expect three areas to emerge as growing scareware subcategories in 2012: fake registry clean-up, fake speed improvement software, and fake back-up software mimicking popular personal cloud backup systems. Also, expect that the use of polymorphic code and IP lookup will continue to be built into each of these tactics to bypass blacklisting and hashing detection by security vendors. (Rival IT security firm GFI Software proves Websense’s point by reporting a “new wave of fake antivirus applications (or rogue AV)” since the start of the year that are “a popular tactic among cybercriminals.”)

Seinfeld Explains Facebook

The NYT reports that Facebook has 50 minutes of your time each day and wants you to spend even more time on the site giving up your personal data.

Reddit has a Seinfeld clip from 1992 that explains why Facebook, and all social media, is such an irresistible life-resource hog.

 

Seinfeld Season 04 Episode 07 The Bubble Boy

Social Network Safety Tips

In case you have lived under a rock, social networking sites are very popular. LinkedIn (LNKD) has over 100 million users; 1 billion tweets are posted on Twitter each week, and Facebook is approaching 1 billion users. Despite these numbers, these sites also open users up to more computer viruses and online threats, according to a report from Webroot. A Help Net Security article details a few of the threats social network users face. They include:

Bogus e-mails from “friends”: The blog warns that hackers lure users into taking actions they shouldn’t by making it seem as if a friend within their social network has sent them an in-network e-mail. Only the e-mail is from a hacker who has hijacked the friend’s account.

Malicious links or bait: This type of scam involves personal messages to users that encourage victims to click on a link. Doing so can do a number of things, including sending users to a fake website where they are prompted to download and install an executable file that turns out to be a virus that infects the user’s PC, explains the author.

Identity theft: Social network users who share personal information with their entire network of friends leave themselves vulnerable to hackers. Oversharing details like birth dates, addresses, pets’ names, and other details makes it easier for attackers to guess your password and access your profile based on the personal information shared, reports Help Net Security.

To help increase your PC protection, Webroot advises users to install updatable Internet security software and keep a few simple rules in mind, such as:

Be skeptical – E-mails, friend requests, Web site links, and other items from sources you do not know could be malware.

Use privacy settings – Social networking sites, such as Facebook and Twitter, offer privacy settings that let you control who sees your posts and personal information. Use them to control who has access to your page, contact information, etc.

Protect your password – Choose your passwords wisely, incorporate numbers, letters, and special characters, and never use the same password at more than one site.

For those who may need new internet security software, you should select a program that has a multi-level security program to:

  • Block viruses, spyware, spam, Trojans, worms, rootkits, and keyloggers;
  • Make your PC invisible to hackers;
  • Encrypt passwords and remember them for you;
  • Offer multi-layer identity protection;
  • Provide firewall security.