Cyber-security Highlights – August 21

Every Monday we bring you a review of the previous week’s hottest cyber-security and on-line privacy news articles.

Here at IronSocket, we work to continually call attention to the risks and threats to our online privacy and security that we as individuals face in our connected lives. We are 100% committed to helping our customers stay safe and secure while on-line, both through our VPN and proxy services as well as through education.

Here are the top articles we have fished from this week’s news cascade.

 

A New iPhone Phishing Attack

Last week I shared here a phishing email designed to capture my Apple/iTunes credentials.  Here’s another scam designed to do the same thing but through SMS. The important point to note here is that these scams will continue, becoming more common, and more sophisticated.  One always must be on guard when on-line.

http://bgr.com/2017/08/18/iphone-hacks-imessage-scam-steal-apple-id/

 

Enter Quantta Analytics

Pretty much everyone who uses the Internet understands that operations like Google and Facebook collect every datum they possibly can.  Few are aware, however, that there are vast quantities of information available only on the dark web.  According to this article, over 500 times as much information.  Quantta Analytics is crunching all this data and using it to predict human behavior.

https://www.techinasia.com/dark-data-startup-quantta-analytics

 

MaaS – Malware-as-a-Service

There are two new malware offerings on the dark web designed to exploit Mac users: MacSpy and MacRansom.  MacSpy was not discovered by researchers doing forensic data analysis.  It was discovered because it is advertised on the dark web.  Cyber-crime has become big business.

https://www.darkreading.com/endpoint/new-malware-as-a-service-offerings-target-mac-os-x-/d/d-id/1329112

 

The Open Invitation of Hotel Wi-Fi

I frequently post articles here about the risks of using hotel and coffee house wi-fi.  Here is the second article in as many weeks warning people who have recently stayed in hotels in continental Europe to change their passwords.

For people who have a large number of email and web site accounts, the solution to the password problem is a password manager.  I have over 50 different email accounts and there is not one duplicate password among them.  They all have unique passwords.  That way if one email service gets hacked, my email accounts on other services are still safe.

http://metro.co.uk/2017/08/14/if-youve-used-hotel-wi-fi-recently-you-should-probably-worry-6850437/

 

The Risks of Relying Solely on Technology

Once again we see that the first line of cyber defense has to be our brains.  Instead of blindly trusting everything we encounter on the Internet, we need to think critically and be suspicious of everything.  We need to learn to recognize if something is potentially risky or dangerous and then how to determine if it is legitimate or not.

http://theconversation.com/end-to-end-encryption-isnt-enough-security-for-real-people-82054

 

It is not convenient to place everything new you encounter online on a blacklist and then move it to the whitelist only after you have verified legitimacy.  Learning how to be cyber-secure takes some effort.  Our privacy and security experts can help make this easier for you.  If you have any concerns, questions, or comments, don’t hesitate to write to us. We’re here to help you stay safe, secure, and protected while online.

I Got Phished

As I regularly say, the first line of cyber-security defense needs to be your brain.

I received this email late last night.  Looks pretty legit, doesn’t it?  My first reaction was, “Huh?  I didn’t order this.”  Then I began to notice things that were not quite right – things seemed “fishy,” if you will.

The first thing that jumped out at me was the registered trademark symbol.  Emails from Apple do not contain this symbol.  Also, in May of 2015, Apple switched from using “iTunes Store” as their sender’s name to simply, “Apple.”

The second thing, and this was a dead giveaway, the email was addressed to one of my personal email addresses but not to the one I use for my iTunes account.

The third thing, Pandora does not sell subscriptions through iTunes.

 

To see the actual email address of the sender, I’ll click on “iTunes.”

 

Hmmmm.  Probably a bogus email address.  I doubt that the Adventist University for Health Sciences would be running a scam.

The purpose of this email is probably to steal people’s Apple IDs and passwords.  If that’s the case, then there will be a link to click on that will take you to a page that very much looks like an Apple login page.  And since they’re probably feeling a bit panicked about spending 97.99 whatevers on something they did not order, their natural inclination will be to cancel immediately and request a refund.

And sure enough, there is a link: Cancel / Refund Subscriptions.

Safari allows us to preview a web site before actually visiting it.  So, let’s have a look.

 

Yep.  Once again, it looks legit.  It was probably lifted right off the Apple Web site.  But check the URL.  That sure ain’t https://apple.com, but they seem to know who I am.

I don’t recall this specific email address being part of any major web site data breach but I’ll check anyway.  A quick trip to Troy Hunt’s Have I Been Pwned web site, enter the email address in question, and…

 

Oh, bugger!

Well, mark this email as junk and get on with my life.  Good thing I change my passwords regularly and use two-factor authentication on places like Apple and Amazon.

The point of this is to illustrate how important it is to be careful and to use your head when online.  If someone wants you to go to a website, even one that you are familiar with, and you did not contact them first, then don’t trust them until you can verify that they really are who they say they are.

As a rule, I personally do not click on any links in email messages.  For example, if my bank sends me an email telling me my online statement is ready, I don’t click on the link they provide.  I go to my bank’s web site, log in, and then check my statement from there.

It’s all part of staying safe and protecting your private information while online.
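
The three checks from this walkthrough (sender name versus actual address, recipient versus account address, link destination) can be scripted. This is an added Python example, not part of the original post; the message, addresses and domains are constructed placeholders, and `triage`, `in_domain` and the brand word list are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message; every address and URL here is a placeholder.
SAMPLE = """\
From: "iTunes Store" <billing@mail.university.example>
To: reader@example.org
Subject: Your receipt
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Pandora Premium 97.99</p>
<a href="http://apple.id-refund.example/login">Cancel / Refund Subscriptions</a>
<a href="https://support.apple.com/billing">Help</a>
"""

BRAND_WORDS = ("apple", "itunes")   # names the display name may claim (assumption)
BRAND_DOMAIN = "apple.com"          # domain the real sender and links should use

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw, account_address):
    """Return a list of reasons the message looks like brand impersonation."""
    msg = message_from_string(raw)
    findings = []
    # Check 1: the display name claims the brand, the real address does not.
    display, sender = parseaddr(msg.get("From", ""))
    sender_host = sender.rpartition("@")[2]
    if any(w in display.lower() for w in BRAND_WORDS) and not in_domain(sender_host, BRAND_DOMAIN):
        findings.append(f"display name '{display}' but sender domain is {sender_host}")
    # Check 2: the message went to an address the account does not use.
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    if recipient != account_address.lower():
        findings.append(f"sent to {recipient}, not the address on the account")
    # Check 3: every link must resolve to the brand's own domain.
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    for url in re.findall(r'href="([^"]+)"', body, flags=re.I):
        host = urlsplit(url).hostname
        if not in_domain(host, BRAND_DOMAIN):
            findings.append(f"link points to {host}")
    return findings

if __name__ == "__main__":
    for line in triage(SAMPLE, "itunes-login@example.org"):
        print("suspicious:", line)
```

The suffix match in `in_domain` is what catches a host that merely starts with the brand name, which a simple substring test would let through.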

Protecting Yourself with VPN: DreamHost and the United States Department of Justice

“The United States of America, by and through its attorney, the United States attorney for the District of Columbia, hereby moves the court to order DreamHost, Inc. to show cause why DreamHost should not be compelled to comply with a warrant issued by this court…”

The warrant mentioned in the above quote, if you don’t already know, was obtained by the Department of Justice for the purpose of forcing DreamHost to hand over all data related to the website disruptj20.org. This website was used to help organize protests against the current U.S. administration on Inauguration Day, January 20.

It’s not unusual for companies with an internet presence to receive warrants requiring them to surrender information on specific individuals who are suspected of criminal activity. But in this case, the DoJ wants access to the IP addresses of everyone who visited this site, what content they viewed, photos, and anything else that might be there.

This is exactly why I keep banging on about the importance of using a VPN or proxy when you connect to the internet.

If you were an IronSocket customer and you visited this web site, the IP address that would get logged would be the IP address of our VPN or proxy server.  Your true IP address would not appear anywhere on this web site.

To further protect privacy:

  • Each of our servers only has one IP address which is shared by everyone who connects to it
  • We do not keep logs of our customers’ activities so there is no record of what people do when connected to any of our servers
  • We are incorporated in the Hong Kong Special Administrative Region so any valid court order would have to originate in that jurisdiction.

Here’s the article that broke this news:

http://thehill.com/policy/cybersecurity/346544-dreamhost-claims-doj-requesting-info-on-visitors-to-anti-trump-website

Cyber-security Highlights – August 14

Every Monday we bring you a review of the previous week’s hottest cyber-security and on-line privacy news articles.

Here at IronSocket, we work to continually call attention to the threats that we as individuals face in our connected lives. We are 100% committed to helping our customers stay safe and secure while on-line, both through our VPN and proxy services as well as through education.

Here are the top articles we have harvested from this week’s news jungle.

 

There’s Still No Such Thing as a Free Lunch

Or, you get what you pay for.  Hotspot Shield, provider of free VPN services, appears to have been caught with its hand in the cookie jar (so to speak).  The Center for Democracy and Technology has accused them of logging connections and using third-party tracking services to exploit their customers.

IronSocket uses no third-party tracking services in our operations.  Customer account management, customer support, email are all internal.

http://www.zdnet.com/article/privacy-group-accuses-hotspot-shield-of-snooping-on-web-traffic/

 

“Sharenting”

Are you a parent?  Do you share lots of things about your children on Facebook?  Here are the juicy bits from an interview that Consumer Reports conducted with a law professor and mother about how to best protect your children’s privacy.

https://www.consumerreports.org/privacy/how-to-protect-your-childs-privacy-in-the-era-of-online-sharenting/

 

Torrenting Safely

There are risks to P2P sharing in the clear: big legal issues, exposure to malware, possible data compromises, and vulnerability to hacking.  Use a VPN or proxy when torrenting to protect yourself.

https://newswatchtv.com/2017/08/11/biggest-dangers-downloadinguploading-torrent-files-without-vpn-proxy/

 

Hello, Room Service?

Traveling through Europe this season and staying in hotels?  Better use a VPN if you’re going to use hotel wi-fi.  You could very well be a target.  There is more than one group of hackers targeting hotel networks.

http://www.zdnet.com/article/hackers-are-now-using-the-exploit-behind-wannacry-to-snoop-on-hotel-wi-fi/

 

Rule #1: Invest in a VPN

Actually, rule #1 should be, “Use your head.”  We’ll go with “Invest in a VPN” though because this article has six very good suggestions.

https://www.windowscentral.com/6-sure-fire-ways-protect-your-privacy-online

 

That’s all for this week. As always, if you have any questions or comments, don’t hesitate to write to us. We’re here to help you stay safe, secure, and protected while online.

Cyber-security Highlights – August 7

Every Monday we bring you a review of the previous week’s hottest cyber-security and on-line privacy news articles.

Here at IronSocket, we work to continually call attention to the threats that we as individuals face in our connected lives. We are 100% committed to helping our customers stay safe and secure while on-line, both through our VPN and proxy services as well as through education.

Here are the top articles we have siphoned from last week’s news tanks.

 

The Echo Heard ‘Round the World

Alexa is always listening.  She wouldn’t want to miss something important, after all.  The problem is, if she can hear you through your Echo, others can too.

http://www.telegraph.co.uk/technology/2017/08/01/amazon-echo-can-used-eavesdrop-conversations-hackers-reveal/

 

Our Children at Risk

Over half of the Android apps built for children are reporting identification and location data to advertising and analytics companies.   A lot of these developers might not even be aware they are doing this because they are using software created by someone else.

https://www.washingtonpost.com/news/the-switch/wp/2017/07/27/we-tested-apps-for-children-half-failed-to-protect-their-data/?utm_term=.8bf6beaccf0c

 

Have You Been Pwned?

There’s a website that can answer that question for you.  If you have an online account that has been hacked, such as Yahoo, Sony, Target, Yahoo, Ashley Madison, or Yahoo, you should definitely go to Troy Hunt’s website and check your status.

https://thenextweb.com/insider/2017/08/03/site-lets-check-password-306-million-leaked-passwords/

 

Tracking is Big Business

Think you’re doing enough to keep your web browsing activity private?  Better think again.

http://lifehacker.com/your-anonymous-browsing-data-is-not-very-anonymous-1797490806

 

What to Do, What to Do, What to Do…

If you use the Firefox or Chrome web browser, here is a superb tool to help you curtail tracking.

https://www.eff.org/privacybadger

 

That’s all for this week. As always, if you have any questions or comments, don’t hesitate to write to us. We’re here to help you stay safe, secure, and protected while online.