Have you ever received a call from a mysterious person claiming to represent a legitimate company? After some social engineering to convince you of his legitimacy, the caller asks you for payment information for some bogus good or service he claims to be providing. Many years ago, I received a call claiming to be from the company I had purchased a computer from within the past 1-2 years. Within approximately 1 minute, I was being asked for my credit card number Continue reading Microsoft Sues Company For Allegedly Providing Phony Tech Support
Over 100,000 WordPress sites have been compromised by malware called SoakSoak. According to security company Sucuri, the compromise occurred via a plugin called RevSlider. The developers of the plugin have been criticized for making automatic updates difficult.
According to Gizmodo, the malware affects only self-hosted sites, not sites hosted on WordPress.com. Furthermore, WordPress itself is not affected, so you shouldn’t be vulnerable just because you’re using WordPress; you had to have used a vulnerable version of the RevSlider plugin. If you think you might have been affected, though, Sucuri provides some technical details here. Its instructions, however, could have been clearer. For example, they tell you to “remove all backdooors [sic],” but don’t provide any specific instructions on how to remove these backdoors. An article in The Guardian hints that one such backdoor may consist of new administrator users.
There’s a new Pew report on what experts believe the future of privacy will look like. The responses range from optimistic to grim.
This site was temporarily down yesterday due to some technical problems encountered during an update. Everything is back to normal now.
Brian Krebs has written a new post warning about the dangers of fake order confirmation e-mails. Two of the screenshots in the post show examples of fake order confirmation e-mails from Home Depot and Walmart, respectively. I don’t know with absolute certainty the dates the e-mails in these screenshots were sent, but because both e-mails mention Thanksgiving and have a copyright date of (or ending in) 2014, they are likely to be recent.
Nevertheless, Krebs is correct in referring to this type of e-mail as a “perennial scourge.” A quick Google search reveals similar scams going back as far as 2004, though the DSLReports scam does not seem to explicitly mention the holidays. Here’s another example in 2012 that probably linked to a phishing website. Here’s a third example Continue reading Protecting Yourself Against Fake Order Confirmation E-mails
A new study from Pew Research purports to test the “Web IQ” of Internet users. I took this quiz myself, although I admit my knowledge of some of the questions may have been spoiled because I first found out about the quiz from an article that launched straight into a discussion of the questions (and answers) without warning. To prevent this from happening here, you may want to take the quiz yourself before clicking “Continue Reading.”
The EFF, Amnesty International, Digitale Gesellschaft, and Privacy International have teamed up to release an anti-surveillance program called Detekt. Detekt rightly cautions users against being lulled into a false sense of security; the failure by Detekt to find any traces of spyware on your computer does not mean that spyware isn’t present. In fact, even if Detekt finds something, that doesn’t mean there isn’t additional spyware that it failed to detect.
The program doesn’t appear or claim to be the definitive solution to the surveillance of journalists by repressive regimes; it only claims to detect FinFisher and Hacking Team RCS. In fact, Continue reading 4 Organizations Release Anti-Surveillance Software
Twitter has started gathering the names of the apps you have on your phones/tablets. The new feature is called “Twitter app graph.” They are claiming they only gather the names of the apps rather than the data stored within them.
According to Mashable, this snooping only happens if you are using their mobile app. If this is correct, you have two options if you want to continue using Twitter without allowing them to gather this data:
1. Use Twitter from a browser rather than installing their app.
2. Follow the opt-out procedure here.
Twitter seems to be doing this so they can personalize the ads they deliver to you based on the apps you have installed. It is up to you to decide whether they have any business knowing the names of the other apps you have installed on your mobile device, and what you should do about it.
Twitter has just made every public Tweet made since the inception of Twitter available through its search engine. The Guardian has suggested several approaches to scrubbing potentially embarrassing Tweets from being found through this search engine. The approaches range from deleting a single Tweet to closing your entire Twitter account.
The consequences of not exercising discretion in sharing information (or allowing others to share it) on social media can be serious. College admissions officers commonly use social networks to find out more about their applicants. Employees at fast food restaurants have lost their jobs. Continue reading Twitter Makes Every Public Tweet Searchable