Tag Archive for Twitter

What to Think About Before You Click

Readers of the Bach Seat know that the Internet can be a risky place. The typical advice to stay safe on the Intertubes is to think before you click. But why should you care and what should you think about before you click on a link in your email or on Facebook? Email is the leading source of attacks at home and at work.

Kaspersky reports that over 2/3 of emails sent in 2014 were SPAM. Merely clicking on a SPAM link can lead to password and data theft, and even “drive-by” malware downloads. To stay safe at work and at home, ESET wants you to ask yourself these questions before you click on any link:

1. Do you trust the person sending or posting the link? People have gotten better at distinguishing good emails and links from bad. Nonetheless, you still need to be alert, so the first question to ask yourself is:

  • Do I trust the person sending or sharing this link? If you don’t recognize the name, the email account, or the content, delete it.

2. Do you trust the platform? Here’s what we mean by “platform”: A link shared on your company’s private Intranet is likely to be safe. But anybody can send you an email — so be skeptical.

Pay special attention to Twitter (TWTR) and Facebook (FB), as both social media sites have been hit by copious amounts of spam. Online security experts have found that many social media accounts are fake and pose a risk to anyone they come in contact with.

  • Researchers say that an average of 40% of Facebook and 20% of Twitter accounts claiming to represent a Fortune 100 brand are fake. 99% of malicious URLs posted on social media channels led to malware or phishing attacks.

3. Does this link coincide with a major world event? Cybercriminals seize any opportunity to get someone to click a link. They commonly use news events like natural disasters, Olympics, and World Cups to lure victims to identity theft or malware sites.

4. Do you trust the destination? Look at the link that has been shared. Does it go to a website you recognize? If you don’t trust or don’t know the destination, don’t click the link.

5. Is it a shortened link? The rise of social media, especially Twitter, has prompted people to shorten links for convenience. Bad guys can easily shorten scam links, making them harder to spot.

  • With shortened links, the advice is clear: ask yourself the above four questions and, if you’re still unsure, use LongURL and CheckShortURL to restore the shortened link to its original length.
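Questions 4 and 5 can be checked mechanically before a link is opened. The following Python is an added example, not part of the original post; the shortener list and the trusted-domain allowlist are assumptions made up for illustration and would be replaced with your own.

```python
from urllib.parse import urlsplit
import ipaddress

# Assumed sample values for illustration only; maintain your own lists.
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly"}
TRUSTED = {"example.com", "intranet.example.com"}  # constructed allowlist


def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


def link_warnings(url):
    """Return the reasons to pause before clicking `url` (empty list = none found)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme not in ("http", "https"):
        warnings.append("unusual scheme")
    if not host:
        return warnings + ["no host"]
    # "http://bank.example@203.0.113.5/" really goes to 203.0.113.5.
    if parts.username is not None:
        warnings.append("userinfo before @ hides the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address")
    except ValueError:
        pass  # not an IP literal
    # Punycode labels can render as lookalikes of familiar names.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host")
    if host in SHORTENERS:
        warnings.append("shortened link, destination hidden")
    elif not is_trusted(host):
        warnings.append("destination not recognized")
    return warnings


if __name__ == "__main__":
    for u in ("https://intranet.example.com/hr",
              "https://bit.ly/abc123",
              "http://example.com@203.0.113.5/login",
              "https://example.com.evil.test/"):
        print(u, "->", link_warnings(u) or "no warnings")
```

The last sample shows why the check compares the end of the host name: a trusted name at the start of a longer host says nothing about where the link goes.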

rb-

Even if you follow this advice, you still need to be alert. If for whatever reason, you’re unsure, you could pick up a phone and call them (Did you remember that you can talk to people on phones?) to verify that they did indeed send that information and maybe talk about something else too.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Bad Passwords Crippled the Web

Followers of the Bach Seat know that passwords suck and now default passwords really suck. In fact, default passwords seem to be a key part of the massive DDOS attack that disabled large parts of the Internet on October 21, 2016. The cyberattack targeted Internet traffic company DYN. DYN provides DNS services for many high-profile sites. Some of the sites affected by the attack on Dyn included Amazon (AMZN), Business Insider, New York Times, Reddit, and Twitter (TWTR).

Security researcher Brian Krebs, whose site, krebsonsecurity.com, was one of the first sites hit by a massive 620 GB/s DDoS attack, has reported that the Mirai botnet was at the center of the attack on his site. CIO.com reports that Mirai can break into a wide range of Internet of Things (IoT) devices, from CCTV cameras to DVRs to home networking equipment, turning them into bots. CIO reports that a single Chinese vendor, Hangzhou Xiongmai Technology, made many of the devices used in the Mirai attacks.

Level 3 Communications says there are nearly half a million Mirai-powered bots worldwide. To amass an IoT botnet, a Mirai bot herder scans a broad range of IP addresses, trying to log in to devices using a list of default usernames and passwords that are baked into Mirai code, according to US-CERT. The Mirai zombie devices are largely security cameras, DVRs, and home routers. Mr. Krebs identified some of the specific devices.

Mirai Passwords

Username | Password | Function
---------|----------|---------
admin | 123456 |
root | 123456 | ACTi IP camera
admin | password |
admin1 | password |
root | password |
admin | 12345 |
root | 12345 |
guest | 12345 |
admin | 1234 |
root | 1234 |
administrator | 1234 |
888888 | 888888 |
666666 | 666666 | Dahua IP camera
admin | (none) |
admin | 1111 | Xerox printers, etc.
admin | 1111111 | Samsung IP camera
admin | 54321 |
admin | 7ujMko0admin | Dahua IP camera
admin | admin |
admin | admin1234 |
admin | meinsm | Mobotix network camera
admin | pass |
admin | smcadmin | SMC router
Administrator | admin |
guest | guest |
mother | fucker |
root | (none) | Viviotek IP camera
root | 00000000 | Panasonic printers
root | 1111 |
root | 54321 | Packet8 VoIP phone
root | 666666 | Dahua DVR
root | 7ujMko0admin | Dahua IP camera
root | 7ujMko0vizxv | Dahua IP camera
root | 888888 | Dahua DVR
root | admin | IPX-DDK network camera
root | anko | Anko Products DVR
root | default |
root | dreambox | Dreambox TV receiver
root | hi3518 | HiSilicon IP Camera
root | ikwb | Toshiba network camera
root | juantech | Guangzhou Juan Optical
root | jvbzd | HiSilicon IP Camera
root | klv123 | HiSilicon IP Camera
root | klv1234 | HiSilicon IP Camera
root | pass |
root | realtek | Realtek router
root | root |
root | system | IQinVision camera, etc.
root | user |
root | vizxv | Dahua camera
root | xc3511 | H.264 - Chinese DVR
root | xmhdipc | Senzhen Anran security camera
root | zlxx. | EV ZLX two way speaker
root | Zte521 | ZTE router
service | service |
supervisor | supervisor | VideoIQ
support | support |
tech | tech |
ubnt | ubnt | Ubiquiti AirOS Router
user | user |

US-CERT says the purported author of Mirai claims that 380,000 IoT devices are under its control. Some estimate the botnet has generated DDoS attacks greater than 1 Tbps.

When Mirai botnets are called upon to carry out DDoS attacks, they can draw on a range of tools including ACK, DNS, GRE, SYN, UDP and Simple Text Oriented Message Protocol (STOMP) floods, says Josh Shaul, vice president of web security for Akamai.
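The login pattern US-CERT describes (one source trying several default username and password pairs in quick succession) is easy to spot in honeypot or device login logs. The following Python is an added example, not part of the original post or of any Mirai analysis; the log format, the sample lines, the threshold and the time window are all constructed assumptions, and the credential pairs are a subset of the list above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Subset of the default pairs listed in the table on this page.
DEFAULT_PAIRS = {
    ("root", "xc3511"), ("root", "vizxv"), ("admin", "admin"),
    ("root", "888888"), ("root", "default"), ("support", "support"),
    ("admin", "password"), ("root", "123456"),
}

# Assumed log format (constructed): a telnet honeypot that records attempts.
LINE = re.compile(r"^(\S+) telnet login-failed src=(\S+) user=(\S*) pass=(\S*)$")

# Constructed sample log using documentation-range addresses.
SAMPLE_LOG = """
2016-10-21T11:10:01 telnet login-failed src=198.51.100.23 user=root pass=xc3511
2016-10-21T11:10:02 telnet login-failed src=198.51.100.23 user=root pass=vizxv
2016-10-21T11:10:04 telnet login-failed src=198.51.100.23 user=admin pass=admin
2016-10-21T11:10:05 telnet login-failed src=198.51.100.23 user=root pass=888888
2016-10-21T11:12:30 telnet login-failed src=203.0.113.7 user=admin pass=Tr1cky-typo
2016-10-21T11:12:41 telnet login-failed src=203.0.113.7 user=admin pass=admin
2016-10-21T09:00:00 telnet login-failed src=192.0.2.10 user=root pass=123456
2016-10-21T10:00:00 telnet login-failed src=192.0.2.10 user=root pass=default
2016-10-21T11:00:00 telnet login-failed src=192.0.2.10 user=support pass=support
"""


def flag_default_sweeps(log_text, threshold=3, window=timedelta(seconds=60)):
    """Map source IP -> most distinct default pairs tried inside one window.

    Only sources that reach `threshold` distinct pairs are returned.
    """
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank or unrelated line
        ts, src, user, pw = m.groups()
        if (user, pw) in DEFAULT_PAIRS:
            attempts[src].append((datetime.fromisoformat(ts), (user, pw)))

    flagged = {}
    for src, events in attempts.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            pairs = {pair for _, pair in events[start:end + 1]}
            if len(pairs) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(pairs))
    return flagged


if __name__ == "__main__":
    print(flag_default_sweeps(SAMPLE_LOG))
```

A single mistyped or default login from one address is not flagged; the signal is several different default pairs from the same source within the window.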

rb-

Followers of Bach Seat already know that many of the default passwords used by Mirai are among the worst and should have been changed already. They include:

  • Password
  • 123456
  • 12345
  • 1234

While reports say equipment from Chinese vendor XiongMai Technologies was widely exploited, other notable tech firms are included. The Mirai zombie army includes equipment from Xerox (XRX), Toshiba (TOSBF), Samsung (005930), Panasonic (6752), and ZTE (763).

I wrote about security cameras being compromised as part of botnets back in July here.

 


Chatbots Taking Over Politics

Mercifully, the 2016 U.S. election cycle is coming to an end. Most people are talking about how terrible all the candidates are. We don’t care anymore; both candidates suck. The political conversation online is even worse. Political conversation online is more hateful because most of the politics on social media outlets like Facebook or Twitter are chatbots.

Researchers say that most election tweets come from political chatbots. Chatbots are computer programs that simulate human conversation or chat through artificial intelligence. Political chatbots engage with other users about politics, especially on Twitter (TWTR) and Facebook (FB).

Chatbots are rooting for Trump.

Recode reports that chatbots for both sides are pushing their candidates hard. According to a paper released by Oxford University’s Project on Computational Propaganda, Republican bots are out-tweeting Democratic chatbots on the Web.

The researchers found that most bots root for Trump to win the election. During the third presidential “debate,” Twitter bots sharing pro-Trump-related content outnumbered pro-Clinton bots by 7 to 1. Between the first and second debates, bots generated more than 33% of pro-Trump tweets, compared with 20% for pro-Clinton tweets.

Twitter bot

The Oxford team found that a Twitter bot is automated account software that acts independently. Bots can retweet, like, and reply to tweets. They can also follow accounts and tweet themselves.

The researchers found that Twitter accounts with extremely high levels of automation, meaning they tweeted over 200 times during the data collection period (Oct. 19-22) with a debate-related hashtag or candidate mention, accounted for nearly 25% of Twitter traffic surrounding the last debate.

The problem with the outpouring of automated engagement on Twitter is that campaigns often measure success (and decide where and how to invest in further outreach) by counting these retweets, likes, replies, and mentions.

Chatbots can give issues unwarranted clout.

The article states that it is hard to tell how many retweets and likes are from real supporters. A proliferation of chatbots can give candidates and issues unwarranted clout. Throughout the race, Trump has discounted the value of polls. They’re rigged, he says. Instead, his campaign implores Americans to reference how viral he is on social media and the size of his rallies.

The third debate came on the heels of the leaked tape of Trump bragging about sexually assaulting women, which went viral. The article speculated that Trump’s uptick in automated Twitter fandom during the debate may have been intended to counteract the lingering outrage against the candidate on social media.

Increasingly, journalists use Twitter to report stories and prove public interest. They believe it’s an excellent way to bring audience voices into a political discussion, though more voices don’t always make for a better conversation. The author warns that much of the engagement numbers aren’t from real people, which is also a sobering reminder that virality is no demonstration of genuineness.

Automated fake profiles that look real

Donald Trump likes to boast that he’s more popular than Hillary Clinton on social media. After all, he has 12.9 million Twitter followers, while Clinton lags behind with a mere 10.1 million. But it’s hard to say how much those numbers mean if many of them represent robots. Sam Woolley, a researcher at the University of Washington who studies the political use of social media bots, told Revelist “… that well over half of his [Trump] followers are automated, fake profiles made to look like real people.”

Mr. Howard told CNN, “The takeaway is that we should be skeptical about social media … Politicians use bots to influence debate, it’s often a form of a negative campaign because in many cases these bots can be very vicious.”

Rb-

Filippo Menczer, a computer scientist at Indiana University’s School of Informatics and Computing, said botnets have been deployed in many countries to squelch dissent. “We’ve seen examples in other countries – in Russia, Iran, and Mexico – of bots used to destroy social movements. They would impede conversations.  All of a sudden, you would see hundreds of thousands of junk tweets flooding your feed.”

Notice the Trump – Russia tie.

This is one of the risks of automating work with bots, which I wrote about here. The pro-Trump bots keep counting on themselves to skew their total numbers up and bury the discussion points from actual voters under the avalanche of bot chat.

Watch out—it won’t be long before chatbots are granted rights under dubious SCOTUS rulings like Citizen United.


Chatbot Risks

Chatbots are the latest rage on social media. As Time explained, they have been around since the 1960s. That’s when MIT professor Joseph Weizenbaum created a chatbot called ELIZA. Chatbots found a home on desktop messaging clients like AOL Instant Messenger. Chatbots went dormant as messaging transitioned away from desktops and onto mobile devices.

But they’re poised for a resurgence in 2016. There are two reasons for this. First, artificial intelligence and cloud computing have gotten better thanks to improvements in machine learning. Second, bots could be big money.

Tech titans have chatbots on social media

All the tech titans have released social bots on the web: Apple’s (AAPL) Siri, Facebook’s (FB) “bots on Messenger,” Google’s (GOOG) Allo, and Microsoft’s (MSFT) ill-fated Tay. They believe there’s a buck to be made here, and they’re scrambling to make sure they don’t get left out.

The July issue of the Communications of the ACM included an article, “The Rise of Social Bots,” which lays out social bots’ impact on online communities and society at large. The authors define a social bot as a computer algorithm that automatically produces content and interacts with humans on social media, trying to emulate and possibly alter their behavior.

The Business Insider published this infographic about the social bot ecosystem.


Chatbots can be deceptive

The ACM article argues that social bots populate techno-social systems; they are often benign, or even useful, but some are created to harm by tampering with, manipulating, and deceiving social media users. The article offers several examples of how social bots can be a hindrance. The first example involves the Twitter (TWTR) posts around the Boston Marathon bombing. The researchers’ analysis found that social bots were automatically retweeting false accusations and rumors. The researchers argue that forwarding false claims without verifying the false tweets granted the false information more influence.

The ACM article also discusses how social bots can artificially inflate political candidates. During the 2010 mid-term elections, some politicians used social bots to inject thousands of false tweets to smear their opponents. This type of activity puts the integrity of the democratic process at risk. These types of attacks are also called astroturfing or Twitter bombs.

Anti-vaxxer chatbots

The article offers another example of the use of social bots to influence an election in California. During the recent debate in California about a law on vaccination requirements, there appears to have been widespread use of social bots by opponents of vaccinations. This social bot interference puts an unknown number of people at risk of death or disease.

Greed is the most likely use of social bots. One example from the article is the April 2013 hack of the Twitter account of the Associated Press. In this case, the Syrian Electronic Army used the hacked account to post a false statement about a terror attack on the White House which injured President Obama. This false story provoked an immediate $136 billion stock market crash as an unwarranted result of the widespread use of social bots to amplify false rumors.

Chatbots manipulate social media reality

Research has shown that human emotions are contagious on social media. This means that social bots can be used to artificially manipulate social media users’ perception of reality without the users being aware they are being manipulated. The article says the latest generation of Twitter social bots has many “human-like” online behaviors that make it difficult to separate bots from humans. According to the authors, social bots can:

  • Search the web to fill in their profiles,
  • Post pre-collected content at a defined time
  • Engage in conversations with people,
  • Infiltrate discussions and add topically correct information.

Some bots work to gain greater status by searching out and following popular or influential users or taking other steps to garner attention. Other bots are identity thieves, adopting slight variants of user names to steal personal information, pictures, and links.

Strategies to thwart bad chatbots

The authors review several attempts to thwart these increasingly sophisticated bots.

1. Innocent-by-association – This theory measured the number of legitimate links vs. the number of social bots (Sybil) links a user has. This method was proven to be flawed. Researchers found that Facebook users are pretty indiscriminate when adding users. The article says that 20% of legitimate Facebook users accept any friend request and 60% accept friend requests with only one contact in common.

2. Crowdsourcing – Another approach to stop social bots is crowdsourcing. The crowdsourcing approach would rely on users and experts reviewing an account. The reviewers would have to reach a majority decision that the account in question was a bot or legit. The authors pointed out some issues with crowdsourcing.

  • It will not scale to large existing social networks like Facebook or Twitter.
  • “Experts” need to be paid to check accounts.
  • It exposes user’s personal information related to the account to unknown users and “experts.”

3. Feature-based detection – This is the third method noted by the authors. Feature-based bot detection uses behavior-based analysis with machine learning to separate human-like behavior from bot-like behavior. Some of the behaviors that these types of applications examine include:

  • The number of retweets.
  • Age of account.
  • Username length.

4. Sybil until proven otherwise – The Chinese social network RenRen uses the fourth method noted by the author. This network uses a “Sybil until proven otherwise” approach. According to the article, this approach is better at detecting unknown attacks, like embedding text in graphics.

rb-

While people’s ability to critically assimilate information is beyond technology, the authors call for new ways to detect social bot-generated spam vs. real political discourse.

The researchers speculate there will not be a solution to the social bot problem. The more likely outcome is a bot arms race, like what we are seeing in the war on SPAM and other malware.

Related articles
  • Man vs. Machine: What do Chatbots Mean for Social Media? (blogs.adobe.com)

 


Trivial Taxes for Tech Titans

Just in time for the start of the U.S. tax season, reports have surfaced that should piss off most tax-paying Americans. The Business Insider is reporting that most of the American tech giants, like Apple, Google, and Microsoft, are not paying their share of taxes.

The U.S. corporate tax rate is about 35%, but according to an analysis by financial research website WalletHub and charted by Statista, the effective tax rate paid by U.S. tech companies, like Apple (AAPL), Microsoft (MSFT), and Google (GOOG), was well below the 28.6% average rate paid by the 100 biggest S&P companies.

Facebook (FB) was the exception with an effective tax rate of 41%, but the social networking company has paid a higher rate in past years and recouped some of the money in tax deductions, according to Quartz.

Infographic: How Much U.S. Tech Companies Pay in Taxes | Statista

One way these tech giants are lowering their tax bills is by stashing most of their profits overseas, where lower international tax rates apply. Despite claims by Apple CEO Tim Cook that Apple pays all of its taxes, Apple, for example, keeps most of its cash offshore, and openly says it’s keeping it overseas to avoid its U.S. corporate tax bills.

The New York Times recently reported that Apple made a deal with Italian tax authorities over a dispute about how much tax the iPad maker should have paid Italy. A spokesman for Italy’s tax authority declined to comment to the NYT on the amount of owed taxes, but the BBC reports that the figure is €318m ($348m).

The investigation found that since 2013, Apple had moved roughly $1.1 billion in revenue from its Italian operations through an Irish subsidiary to lower the taxes that the company was obliged to pay under the 27.5% corporate income tax rate in Italy.

The NYT says Ireland’s corporate tax rate, at 12.5%, is one of the lowest in the Western world, compared with 35%, before deductions, in the United States. Of course, Irish officials deny that the low-tax structure represents unfair competition.

rb-

The Tech Titans have long lusted after a tax cut. I cover the 2011 meeting where Tech giants Facebook, Mark Zuckerberg, Apple, Steve Jobs, Yahoo, Cisco (CSCO), Twitter (TWTR), Oracle (ORCL), Netflix, Google, and venture capitalists lobbied Obama for a tax cut on $1 trillion of profits they’ve stashed overseas.
