Category Archives: facebook

Zuckerberg Doesn’t Care About Publishers; Media Firms That Don’t Work With Us Will End Up ‘In Hospice’: Facebook Executive

Olivia Solon, writing for The Guardian: A senior Facebook executive told Australian media companies that if they didn't cooperate with the social network, their businesses would die. According to a report by The Australian, Campbell Brown, Facebook's head of news partnerships, told a group of more than 20 broadcasters and publishers that she wanted to help media companies develop sustainable business models through the platform. "We will help you revitalise journalism ... in a few years the reverse looks like I'll be holding your hands with your dying business like in a hospice," she said, in comments corroborated by five people who attended the meeting in Sydney on Tuesday. The Australian also reported that Brown said that Facebook's chief executive, Mark Zuckerberg, "doesn't care about publishers but is giving me a lot of leeway and concessions to make these changes," although both Facebook and Brown vehemently deny this comment was made, referring to a transcript they have from the meeting. Facebook would not release the transcript from the meeting.

Read more of this story at Slashdot.

Facebook Bans the Sale of All Kodi Boxes

An anonymous reader quotes a report from TorrentFreak: Facebook previously banned the sale of fully-loaded pirate streaming devices, as did Amazon and eBay, but the social network appears to have expanded this to all Kodi-powered hardware now. This is made clear in the prohibited content section of the company's commerce policies, as shown below. Facebook states that users are no longer allowed to promote "the sale or use of streaming devices with KODI installed." In addition, jailbroken or loaded devices are also banned from the platform. The issue was first noticed by CordCuttersNews which notes that sellers who violate the policy may have their Facebook accounts banned. Interestingly, Facebook will still permit the sale of "add-on equipment for KODI devices," including keyboards and remotes. However, selling any devices with the software itself is no longer allowed.


Tech Talk: Ways to Help Your Child Conquer Back-To-School Fears


The first-day-of-school jitters nearly did me in as a kid. Our military family moved ten times, so I got used to the stomach aches and stares that came with every new school.

I can’t imagine making those big moves as a kid in today’s digital culture. The cliques are far more visible. The fails are far more public, and weaknesses far more exploited.

This digital layer of scrutiny and exposure sends my admiration and respect for kids today to heroic levels.

Tech and Anxiety

Reports of tech-related anxiety* and depression in kids are on the rise, which can put a whole layer of angst on first-day jitters. And while there is no one-size-fits-all solution to ease that stress, helping your child manage his or her technology can help diminish it.

Tips to Help Ease Stress

1. Unplug more. Discuss the power and emotional pull of the smartphone and how it can escalate the stress of starting school. Remind kids that the edited, seemingly perfect version of life people post on social media doesn’t represent reality and that constant comparison can be harmful.

While we recommend families establish a phone curfew every night for health reasons, it’s especially crucial in the weeks leading up to the first day of school. Other simple ways to ease stress this school year: Turn off all push notifications during school hours and use parental control apps to help with time limits and safety.

2. Make time to talk. Ask your child what concerns him or her most about starting school. Then, just listen. Acknowledge your child’s fears and try to relate or find common ground. Let your child know that worry is normal, it can help protect us, and everyone experiences it from time to time. Some of the stresses they might share: Finding friends and fitting in, who they will sit with at lunchtime, having the right clothes or fashion sense, being able to find their classes, opening the combinations on their lockers, sports or music auditions, body image and appearance, school work challenges, and more.

3. Visualize the first day. Help your child map out his or her classes. Based on your child’s feedback, talk through possible awkward or stressful situations that might come up to help build his or her confidence and reduce worry. Often just getting a fear from your brain to your lips can strip power from fear. Brainstorm one-liners your kids might use to introduce themselves to new people or positive responses that might deflect a negative comment.

4. Practice the present. Anxiety* can be triggered when we live more of life in the future — imagining the what-ifs — than living in the right now. Who hasn’t imagined tripping in the lunchroom or falling down the stairs? A few simple tips: Teach kids to practice deep breathing, to challenge their negative thoughts, and to talk/think about life in the present tense.

5. Encourage. Without going over the top (because kids can smell inflated praise), remind your child of his or her strengths. Fear creates a wall that blocks our view of past accomplishments. Provide that recollection for your child. Give truthful reminders of your child’s strengths, talents, and unique qualities.

6. Help kids with balance on and offline. A new school year represents a clean slate. There’s no need to bring bad habits along. So make the changes you’ve always intended to make. Set time limits on technology and stick to them. Help your kids prioritize face-to-face time with peers. Know what’s going on in your child’s online life and make sure his or her digital community isn’t unraveling your parenting goals. Pay close attention to new friends and your child’s demeanor on a daily basis.

* It’s important to note that while the word “anxiety” is commonly used, the American Academy of Pediatrics says that 8% of kids are diagnosed with an anxiety disorder. If your child’s stress level becomes serious, please seek professional help.

 

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures)

The post Tech Talk: Ways to Help Your Child Conquer Back-To-School Fears appeared first on McAfee Blogs.

Facebook Bans Sites That Host Blueprints of 3D-Printed Guns

Yesterday, Facebook said it's banning websites that host and share blueprints of 3D-printed guns. "Sharing instructions on how to print firearms using 3D printers is not allowed under our Community Standards," said a spokesperson in an email statement. "In line with our policies, we are removing this content from Facebook." BuzzFeed was first to report the news: The move comes amid a rush by states to block these instructions from being posted. A July settlement between the State Department and Defense Distributed, an open-source organization that created the first completely 3D-printed gun, cleared the way for the group to publish the gun code. However, that was stalled when a federal judge on July 31 granted a temporary nationwide injunction that prevented Defense Distributed from uploading the plans. The injunction prevents Defense Distributed from publishing the plans. But the instructions are widely available online, on sites such as CodeIsFreeSpeech.com -- which hosts plans for parts of an AR-15, a Beretta, and Defense Distributed's Liberator. Attempts to post the site on a user's News Feed, through Facebook's Messenger app, or on Instagram (which Facebook owns) produce a variety of error messages. Other sites that host the files can still be posted through Facebook. Specifically, Facebook says that 3D-printed guns violate the regulated goods section of the social giant's community standards, which limits gun sales and exchanges to licensed dealers.


Facebook, Still on a Mission To Bring People Online, Announces Connectivity

The social network's initiatives to connect people to the internet, including Internet.org and new data analytics tools, are now part of Facebook Connectivity. From a report: A half decade after launching Internet.org, seen by many as the coming-out party for Facebook's connectivity programs, the company said it's shaking up its efforts to bring internet access to the 4 billion people who still don't have it. On Friday, Facebook rounded up all its disparate broadband and infrastructure projects and housed them under a new umbrella organization called Facebook Connectivity. "There's no silver bullet for connecting the world," Yael Maguire, vice president of engineering for Facebook Connectivity, said in an interview Thursday. "There isn't going to be a magic technology or business plan or single regulatory policy change that's going to change this. We really believe that it is a wide and diverse set of efforts that's required to do this." The Connectivity group houses projects including Terragraph, which aims to connect high-density urban areas; OpenCellular, an open-source platform working on rural connectivity; and the Telecom Infra Project, a joint initiative with the wireless industry for creating faster networks. Facebook said the umbrella will also include Internet.org, which drew controversy with its Free Basics product that offered a pared-down version of the internet in emerging markets. While Internet.org has been synonymous with Facebook's connectivity efforts for the past five years, the new Connectivity brand may signal the company trying to distance itself from the backlashes surrounding Internet.org.


Facebook Now Deletes Posts That Financially Endanger, Trick People

An anonymous reader quotes a report from TechCrunch: It's not just inciting violence, threats and hate speech that will get Facebook to remove posts by you or your least favorite troll. Endangering someone financially, not just physically, or tricking them to earn a profit are now also strictly prohibited. Facebook today spelled out its policy with more clarity in hopes of establishing a transparent set of rules it can point to when it enforces its policy in the future. "We do not, for example, allow content that could physically or financially endanger people, that intimidates people through hateful language, or that aims to profit by tricking people using Facebook," its VP of policy Richard Allen published today. Web searches show this is the first time Facebook has used that language regarding financial attacks.


An Internal Note Shows Facebook Learned a Way To Target High Schoolers Through a Viral Polling App It Acquired Last Year: Report

Facebook bought TBH last October and eventually shut it down, but an internal note, obtained by BuzzFeed News, shows that the company learned a way to target high schoolers through the viral polling app. From a report: When Facebook purchased TBH last October it got more than just a viral polling app that amassed 2.5 million daily users, mostly teens, a few months after launch. The social network also acquired a carefully honed growth strategy targeted toward high school kids. An internal document from Facebook, obtained by BuzzFeed News, shows TBH's leadership explaining a well-tested method the startup used to attract teens at individual high schools to download its app. The note provides a window into Facebook's growth-at-any-costs mentality and the company's efforts to keep a key demographic engaged as its popularity among teens declines and it simultaneously runs out of people in the connected world to bring to its platform. In the confidential memo, TBH's founders told their new colleagues of "a psychological trick" that they employed to acquire teenage users en masse -- a combination of scraping Instagram for high schoolers' accounts, playing to youthful curiosity, and taking advantage of class dismissal hours.


New WhatsApp flaws let attackers hack private/group chats to fake news

By Waqas

Spreading fake news through WhatsApp was never so easy before. According to the latest research from Check Point security firm, WhatsApp users are at the risk of getting their private chats and group conversations hacked and exploited. Researchers discovered a new wave of attacks that allow cybercriminals to penetrate your messages on WhatsApp. This penetration […]

This is a post from HackRead.com Read the original post: New WhatsApp flaws let attackers hack private/group chats to fake news

Facebook launches AR games for Messenger app

Facebook adds augmented reality (AR) games to its Messenger app

Facebook is known for copying Snapchat’s features for its social media platforms. And, the social media giant has done it yet again!!! Facebook in a blog post yesterday announced a new feature in Messenger app for its users that makes connecting with friends in video chat even more fun and competitive. Facebook has added augmented reality (AR) games in video chats of its Messenger app. This feature allows up to six people to play the AR games at a time via video chat.

“For the moments when we can’t be together IRL, Messenger video chat helps you connect in real-time with the people you care about most. Today we’re excited to make connecting with your friends in video chat even more fun – and competitive! – with multiplayer video chat AR games,” Facebook said in the announcement on Wednesday.

Currently, there are two AR games, ‘Don’t Smile’ and ‘Asteroid Attack’, that are available to play. These games test each player’s ability to steer a spaceship using their face.

“With this feature starting to roll out today, you can challenge your friends around the world to two games: see who can hold a serious face the longest with ‘Don’t Smile’, or see who can better navigate their spaceship with ‘Asteroids Attack’,” the social media giant said.

Facebook also plans to roll out more games in the coming weeks and months. One of them is called Beach Bump, where players get to pass a beach ball back and forth, while another one is a matching cat game called Kitten Kraze.

If you wish to try out the new feature, ensure that your device is running the latest version of Messenger app. Open a new or existing video conversation or find the person or group of people you would like to chat with and tap the video icon on the upper right corner of the screen. Click the star button and select one of the AR games from the list. The app will then notify the person or group in the video chat that the game is starting.

Facebook’s new feature is very much like Snappables from Snapchat, one of Messenger’s chief competitors. Snappables are the lens-based games inside the Snapchat camera that were launched in April this year. Snappables allow the user to use touch, motion, and facial expressions to compete for high scores or in literal head-to-head multiplayer match-ups. Some of the first Snappables previewed by Snapchat include an Asteroids-style space shooter, a weightlifting one you play by straining your forehead, a bubble gum popping contest, an egg-catching competition, a kiss-blowing game, and a dance party.

What do you think about Facebook’s new AR games feature in Messenger app? Do let us know in the comment sections below.

The post Facebook launches AR games for Messenger app appeared first on TechWorm.

Facebook Open Sources Fizz — TLS 1.3 Library For Speed and Security

Facebook has open sourced Fizz—a library designed to help developers implement TLS 1.3 protocol with all recommended security and performance related configurations. Since late last month, Google Chrome web browser has started marking all non-HTTPS websites as 'Not Secure' in an effort to make the web a more secure place, forcing website administrators to switch to HTTPS. TLS 1.3 is the

A week in security (July 30 – August 5)

Last week, we posted a roundup of spam that may have landed in your mailbox, talked about what makes us susceptible to social engineering tactics, and took a deep dive into big data.

Other news:

  • Facebook claimed to have removed accounts that display behavior consistent with possible Russian actors engaged in misinformation. (Source: The Wall Street Journal)
  • Yale University disclosed that they were breached at least a decade ago. (Source: NBC – Connecticut)
  • High school students, be on the lookout! If you receive email or snail mail from organizations with impressive-sounding names, consider that it may just be a carefully packaged marketing scheme. (Source: Sophos’s Naked Security Blog)
  • A researcher from Amnesty International revealed that hackers have targeted them with malware from an Israeli vendor. (Source: Motherboard)
  • Certain e-commerce providers in the UK were affected by a data breach and exposed potentially more than a million user data. (Source: Graham Cluley’s blog)
  • A game on the Steam platform was found hijacking video game player machines to mine cryptocurrency. (Source: Motherboard)
  • The Alaskan Borough of Matanuska-Susitna was infected with malware that disrupted normal activities so much that they had to dust off old typewriters to continue issuing receipts. (Source: Sophos’s Naked Security blog)
  • While we’re on the subject of breaches, here’s another popular victim: Reddit. (Source: TechCrunch)
  • Google joined Apple in banning mining apps on the Play Store. (Source: Coin Central)
  • An independent security researcher from the UK spotted a DHL-themed spam carrying malware hidden in a GIF file. (Source: The SANS ISC InfoSec Forums)

Stay safe, everyone!

The post A week in security (July 30 – August 5) appeared first on Malwarebytes Labs.

Facebook Has Asked Large US Banks To Share Detailed Financial Information About Customers as it Seeks To Boost User Engagement [Update]

Facebook wants your financial data. The social media giant has asked large U.S. banks to share detailed financial information about their customers, including card transactions and checking account balances, as part of an effort to offer new services to users, The Wall Street Journal reported Monday. From the report: Facebook increasingly wants to be a platform where people buy and sell goods and services, besides connecting with friends. The company over the past year asked JPMorgan Chase, Wells Fargo & Co., Citigroup and U.S. Bancorp USB to discuss potential offerings it could host for bank customers on Facebook Messenger, said people familiar with the matter. Facebook has talked about a feature that would show its users their checking-account balances, the people said. It has also pitched fraud alerts, some of the people said. Data privacy is a sticking point in the banks' conversations with Facebook, according to people familiar with the matter. The talks are taking place as Facebook faces several investigations over its ties to political analytics firm Cambridge Analytica, which accessed data on as many 87 million Facebook users without their consent. Update: Shares of Facebook surged nearly 3% following the report. A paywall free, alternative source of this story. Update 2 (18:10 GMT): Talking to TechCrunch, Facebook has, in part, denied WSJ's report. TechCrunch: Facebook spokesperson Elisabeth Diana tells TechCrunch it's not asking for credit card transaction data from banks and it's not interested in building a dedicated banking feature where you could interact with your accounts. It also says its work with banks isn't to gather data to power ad targeting, or even personalize content such as what Marketplace products you see based on what you buy elsewhere.


Is Facebook Ignoring Our Humanity?

"Facebook really is evil," writes Quartz reporter Nikhil Sonnad. "Not on purpose. In the banal kind of way. Underlying all of Facebook's screw-ups is a bumbling obliviousness to real humans..." An anonymous reader quotes Sonnad's essay: The imperative to "connect people" lacks the one ingredient essential for being a good citizen: Treating individual human beings as sacrosanct. To Facebook, the world is not made up of individuals, but of connections between them. The billions of Facebook accounts belong not to "people" but to "users," collections of data points connected to other collections of data points on a vast Social Network, to be targeted and monetized by computer programs. There are certain things you do not in good conscience do to humans. To data, you can do whatever you like.... With Facebook, "life is turned into a database," writes technologist Jaron Lanier in his 2010 book You Are Not a Gadget... Silicon Valley culture has come to accept as certain, Lanier writes, that "all of reality, including humans, is one big information system".... The problem, says Lanier, is that there is nothing special about humans in this information system. Every data point is treated equally, irrespective of how humans experience it. The essay argues Facebook's value system "has diverged from that of the rest of society," adding that Facebook "seems to be blind to the possibility that it could be used for ill." Facebook needs to "check their instinctive technological optimism against the realities of human life. Absent human considerations, Facebook will continue to bring thoughtless, banal harm to the world."


Too Much Tech: 4 Steps to Get Your Child to Chill on Excessive Snapchatting

We were in the midst of what I believed to be an important conversation.

“Just a sec mom,” she said promptly after a Snapchat notification popped up on her iPhone.

She stopped me mid-sentence, puckered her lips, rolled her eyes, typed a few lines of copy, and within three seconds, my teenage daughter Snapchatted a few dozen friends.

“Sorry, mom, what were you saying?” She turned back toward me, her face void of any trace of remorse.

It was clear: Snapchat had far more influence than I, the parent, and it was time to make some serious changes.

Imbalance of Power

It’s obvious the power apps hold over our lives. In fact, in an attempt to encourage responsible app use, Facebook and Instagram recently announced they would implement tools allowing users to track how much time they spend on the apps. This mom is hoping Snapchat will follow suit.

Since its inception in 2011, Snapchat has become one of the most popular apps with an estimated 187 daily active users. A 2017 study released by Science Daily found that 75% of teens use Snapchat. But it’s not the only app winning our kids’ affections:

  • 76 percent of American teens age 13-17 use Instagram.
  • 75 percent of teens use Snapchat.
  • 66 percent of teens use Facebook.
  • 47 percent of teens use Twitter.
  • Fewer than 30 percent of American teens use Tumblr, Twitch, or LinkedIn.

If you have a teen, you understand the dilemma. We know that social ties are essential to a teen’s psychological well-being. We also know that excessive time online can erode self-esteem and cause depression. We can’t just yank our child’s favorite app, but we also can’t let it run in the background of our lives 24/7, right?

What we can do is take some intentional steps to help kids understand their responsibility to use apps in healthy, resilient ways. In our house, taking that step meant addressing — and taming — the elephant in the room: Snapchat. Here are a few things that worked for us you may find helpful.

4 Steps to Help Curb Excessive Snapchatting

  1. Strive for quality relationships. With so much more information available on the downside of excessive social media use, it’s time to be candid with our kids. Excessive “liking,” carefully-curated photos, and disingenuous interactions online are not meaningful interactions. Stress to kids that nothing compares to genuine, face-to-face relationships with others.
  2. Zero phone zones. This is a rule we established after one too many snaps hijacked our family time. We agreed that when in the company of others — be it at home, in the car, in a restaurant, at church, at a relative’s house — all digital devices get turned facedown or put in a pocket. By doing this, we immediately increased opportunities for personal connection and decreased opportunities for distraction. This simple but proven strategy has cut my daughter’s Snapchat time considerably.
  3. Establish a Snapchat curfew. Given the opportunity, teens will Snapchat until the sun comes up. Don’t believe me? Ask them. If not for the body’s physical need for sleep, they’d happily Snapchat through the night. Consider a curfew for devices. This rule will immediately begin to wean your child’s need to Snapchat around the clock.
  4. Track Snapchat time. Investing in software such as McAfee® Safe Family is an option when trying to strike a healthy tech balance. The software will help with time limits, website filtering, and app blocking. There are also helpful time-tracking apps. For the iPhone, there’s Moment, and for Android, there’s Breakfree. Both apps will track how much time you spend on your phone. Seeing this number — in hours — can be a real eye-opener for both adults and kids.

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures)

The post Too Much Tech: 4 Steps to Get Your Child to Chill on Excessive Snapchatting appeared first on McAfee Blogs.

This Week in Security News: Facebook and Feds

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Facebook’s chief security officer resigned as Facebook steps up its cybersecurity efforts. Also, Feds indicted three Ukrainians charged with stealing data on 15 million payment cards from more than 100 companies.

Read on to learn more.

Reddit breach exposes non-critical user data

Reddit recently announced that it suffered a security breach in June that exposed some of its internal systems to the attackers, although what was accessed was not particularly sensitive.

Virtualization Flaw Uptick: It’s ‘Just Getting Underway’

Virtualization vulnerabilities are seeing a huge surge this year as security researchers start to truly take the microscope to the full range of virtualization software.

Is chat putting your business at risk?

Now that corporate activities are increasingly taking place outside of the office, technology that enables real-time communication and collaboration among office workers is absolutely essential.

Security by Design: DevOps in the Era of the GDPR

Enterprises are increasingly adopting DevOps. In fact, 50 percent of surveyed organizations in 2017 were already implementing and expanding DevOps-related initiatives.

Homeland Security Unveils Center to Combat Cyberthreats

The Department of Homeland Security unveiled a National Risk Management Center, an effort to fight cyberthreats and protect U.S.’ infrastructure through cooperation between public and private sectors.

Adversarial Sample Generation: Making Machine Learning Systems Robust for Security

A new method of enhancing an ML system to counter evasion tactics is generating adversarial samples, which are input data modified to cause an ML system to incorrectly classify it.

Phishing, Part 1: On the Lookout

Trend Micro has put together a handy two-part guide giving you the lowdown on phishing attacks—what they’re designed to do, what they look like, and how you can avoid getting caught by the hoax.

Phishing, Part 2: Staying Safe

Phishing and its variants were the third most popular cybercrime type in 2017, representing nearly $30m in victim losses.

Facebook’s Security Chief to Depart for Stanford University

Facebook’s CSO, Alex Stamos, will exit the social network this month as Facebook steps up its efforts to combat misinformation and foreign interference in the November midterm elections.

Which Specific Malware Trends Should American Businesses be Prepared for?

Based on information from Trend Micro™ Smart Protection Network™, we’ve identified three top trends within the threat landscape that hit a majority of enterprise victims during the first months of 2018.

Feds Indict Three Ukrainians For Cyberattacks on 100+ Companies

U.S. law enforcement announced the arrests of three leading members of a prolific cybercrime group believed responsible for stealing data on 15 million payment cards from more than 100 companies.

Do you think Machine Learning could give businesses more control over their internet security? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Facebook and Feds appeared first on .

Facebook CSO Alex Stamos leaves to join Stanford Uni

Facebook Chief Security Officer Alex Stamos has announced that he’s leaving the company on August 17 and will be joining Stanford University full-time as a teacher and researcher. “I have had the pleasure of lecturing at Stanford for several years, and now I will have the honor of guiding new generations of students as an Adjunct Professor at the Freeman-Spogli Institute for International Studies,” he said. “I will also continue my work understanding and preventing … More

The post Facebook CSO Alex Stamos leaves to join Stanford Uni appeared first on Help Net Security.

The Expensive Education of Mark Zuckerberg and Silicon Valley

Kara Swisher, writing for The New York Times: I kept pressing Mr. Zuckerberg on how he personally felt about the damage his creation had done. [Editor's note: Ms. Swisher is referring to her recent interview with Mark Zuckerberg.] Was he beginning to understand the power that he held, and that the world that he controlled was not such a rosy place? Facebook was "probably," he admitted, "too focused on just the positives and not focused enough on some of the negatives." Fair enough. But it was impossible to get him to acknowledge any personal pain as both the creator and the destroyer. "I mean, my emotion is feeling a deep sense of responsibility to try to fix the problem," said Mr. Zuckerberg. "In running a company, if you want to be innovative and advance things forward, I think you have to be willing to get some things wrong. But I don't think it is acceptable to get the same things wrong over and over again." It was a classic Silicon Valley engineer's roll-up-your-sleeves answer, which leaves many cold when it comes to, say, the manipulation of democracy. Fending off bad actors like the Russians has been and will be increasingly expensive; it may even be impossible. But Facebook could have done much more than it did, and it certainly needs to do more than it's doing. Mr. Zuckerberg is now trying to fend off talk in Washington of regulating his company like the thing he once told me it was: a utility. He has also spent the last month meeting over dinners with a range of academic experts on free speech, propaganda and more to try to understand where to go from here. Call it the education of Mark Zuckerberg and Silicon Valley, but on the world's dime. How much that has -- and will -- cost is probably immeasurable.


Facebook accidentally releases airplane reaction emoji

Facebook introduced an airplane reaction button but quickly deleted it too

If you are a regular Facebook user, you may have come across something strange this Tuesday morning on the social media platform. Besides the app’s standard post reactions—Like, Love, Haha, Wow, Sad, and Angry—some users also noticed a plane emoji reaction button on posts.

Soon after, users began to report that they were able to react to posts with a new airplane emoji. Apparently, the new plane emoji was only available on Facebook’s Android app and that too after clearing the app’s cache.

According to some users, the new emoji appeared only if they updated the Android app and flushed the cache in the app. Then they had to hold down the ‘like’ button in the comments section of a post, which would then show two angry face reaction icons. By clicking the second one, an airplane emoji would appear as your reaction instead. Also, everyone was able to see the reaction emoji, if someone else posted it.

The plane appears to have been designed as part of a hackathon event at Facebook’s headquarters. The plane emoji was a bug and not an actual feature, Facebook said.

“This was created as part of an employee hackathon and wasn’t cleared for takeoff,” said a Facebook representative. “Our apologies.”

While Facebook has removed the plane reaction and we may never come across it unless it is officially revealed by the social media giant, it did disclose its most popular reactions back in 2017.

According to Facebook, over half of the reactions people used that year were the heart emoji, which was also the most used emoji on Christmas Day 2016.

World Emoji Day 2018, celebrated on July 17, saw the heart emoji used twice as much as in 2017, Facebook said.

Source: Dailymail

The post Facebook accidentally releases airplane reaction emoji appeared first on TechWorm.

Facebook’s New Message to WhatsApp: Make Money

Deepa Seetharaman, writing for WSJ: Four years after Facebook bought WhatsApp for $22 billion, it is formally starting the messaging app on a new mission: bringing in revenue. WhatsApp on Wednesday detailed plans to sell advertisements and charge big companies that want to reach their customers through its service [Editor's note: the link may be paywalled: alternative source], launching its first major revenue streams as growth at Facebook's main app is starting to decelerate. The measures are aimed at connecting businesses with WhatsApp's user base of roughly 1.5 billion accounts, WhatsApp executives said. The announcements follow disagreements between Facebook leaders and WhatsApp's co-founders, Jan Koum and Brian Acton, over how to monetize the popular, free service. Mr. Koum and Mr. Acton resisted efforts to put ads in WhatsApp, and over the past year both men have decided to leave Facebook and the messaging app they started in 2009 -- a breakup that was the subject of a Page One article in The Wall Street Journal in June. [...] Next year, WhatsApp plans to show ads in its Status feature, company officials told the Journal. Status allows users to post montages of text, photos and video that appear for 24 hours -- similar to an Instagram tool called Stories. About 450 million people use WhatsApp Status, compared with about 400 million who use Instagram Stories, which already shows ads.

Facebook reported and blocked attempts to influence campaign ahead of midterms US elections

Facebook removed 32 Facebook and Instagram accounts and pages that were involved in a coordinated operation aimed at influencing the midterm US elections

Facebook has removed 32 Facebook and Instagram accounts and pages that were involved in a coordinated operation aimed at influencing the forthcoming midterm US elections.

Facebook is shutting down content and accounts “engaged in coordinated inauthentic behavior.”

At this time there is no evidence confirming the involvement of Russia, but intelligence experts suspect that Russian APT groups were behind the operation.

Facebook founder Mark Zuckerberg announced the company's response to the recently disclosed abuses.

“One of my top priorities for 2018 is to prevent misuse of Facebook,” Zuckerberg said on his own Facebook page.

“We build services to bring people closer together and I want to ensure we’re doing everything we can to prevent anyone from misusing them to drive us apart.”

According to Facebook, “some of the activity is consistent” with Tactics, Techniques and Procedures (TTPs) associated with the Internet Research Agency, the Russian troll farm that was behind the misinformation campaign aimed at the 2016 presidential election.

“But we don’t believe the evidence is strong enough at this time to make public attribution to the IRA,” Facebook chief security officer Alex Stamos told reporters.

Facebook revealed that some 290,000 users followed at least one of the blocked pages.

“Resisters” enlisted support from real followers for an August protest in Washington against the far-right “Unite the Right” group.

According to Facebook, fake pages created more than a year ago were in some cases used to promote real-world events, two of which have taken place.

Just after the announcement, the US Government remarked it will not tolerate any interference from foreign states.

“The president has made it clear that his administration will not tolerate foreign interference into our electoral process from any nation-state or other malicious actors,” deputy press secretary Hogan Gidley told reporters.

The investigation is still ongoing, but the social media giant decided to disclose early findings to shut down the orchestrated misinformation campaign.

Nathaniel Gleicher, Head of Cybersecurity Policy at Facebook, explained that the threat actors used VPNs and internet phone services to protect their anonymity.

  • “In total, more than 290,000 accounts followed at least one of these Pages, the earliest of which was created in March 2017. The latest was created in May 2018.
  • The most followed Facebook Pages were “Aztlan Warriors,” “Black Elevation,” “Mindful Being,” and “Resisters.” The remaining Pages had between zero and ten followers, and the Instagram accounts had zero followers.
  • There were more than 9,500 organic posts created by these accounts on Facebook and one piece of content on Instagram.
  • They ran about 150 ads for approximately $11,000 on Facebook and Instagram, paid for in US and Canadian dollars. The first ad was created in April 2017, and the last was created in June 2018.
  • The Pages created about 30 events since May 2017. About half had fewer than 100 accounts interested in attending. The largest had approximately 4,700 accounts interested in attending, and 1,400 users said that they would attend.” said Gleicher.

Facebook announced it would start notifying users who were following the blocked accounts and users who said they would attend events created by one of the suspended accounts and pages.

Facebook reported its findings to US law enforcement agencies, Congress, and other tech companies.

“Today’s disclosure is further evidence that the Kremlin continues to exploit platforms like Facebook to sow division and spread disinformation, and I am glad that Facebook is taking some steps to pinpoint and address this activity,” declared the Senate Intelligence Committee’s top Democrat Mark Warner.

Pierluigi Paganini

(Security Affairs – Facebook, midterm US elections)

The post Facebook reported and blocked attempts to influence campaign ahead of midterms US elections appeared first on Security Affairs.

Facebook Shuts Off Access To User Data For Hundreds of Thousands of Apps

In a blog post, Facebook said that it's shutting off access to its application programming interface for hundreds of thousands of inactive apps. This interface is what lets app developers access user data. The Verge reports: The company had set an August 1st deadline back in May, during its F8 developer conference, for developers and businesses to re-submit apps to an internal review, a process that involves signing new contracts around user data collection and verifying one's authenticity. The goal is to ensure third-party software on Facebook was in line with the company's data privacy rules and new restrictions put in place in the wake of the Cambridge Analytica scandal, in which a third-party developer siphoned user data and sold it to another firm in violation of Facebook's terms of service. Now, after it identified numerous apps that were either inactive or from developers who had not submitted the software for review, Facebook is cutting off those apps' access to its Platform API.

Facebook Has Identified Ongoing Political Influence Campaign

Facebook is preparing to announce that it has identified a coordinated political influence campaign, with dozens of inauthentic accounts and pages that are believed to be engaging in political activity ahead of November's midterm elections, The New York Times reported Tuesday, citing three people briefed on the matter. From the report: In a series of briefings on Capitol Hill this week, the company told lawmakers that it detected the influence campaign as part of its investigations into election interference. It has been unable to tie the accounts to Russia, whose Internet Research Agency was at the center of an indictment earlier this year for interfering in the 2016 election, but company officials told Capitol Hill that Russia was possibly involved, according to two of the officials. Facebook is expected to announce its findings on Tuesday afternoon. The company has been working with the F.B.I. to investigate the activity. Like the Russian interference campaign in 2016, the recently detected campaign dealt with divisive social issues. Update: Facebook has confirmed the story, adding: Today we removed 32 Pages and accounts from Facebook and Instagram because they were involved in coordinated inauthentic behavior. This kind of behavior is not allowed on Facebook because we don't want people or organizations creating networks of accounts to mislead others about who they are, or what they're doing. We're still in the very early stages of our investigation and don't have all the facts -- including who may be behind this. But we are sharing what we know today given the connection between these bad actors and protests that are planned in Washington next week. We will update this post with more details when we have them, or if the facts we have change. It's clear that whoever set up these accounts went to much greater lengths to obscure their true identities than the Russian-based Internet Research Agency (IRA) has in the past. We believe this could be partly due to changes we've made over the last year to make this kind of abuse much harder.

Nasdaq Leads Stocks Lower as Dollar Retreats Before Central Bank Bonanza

Friday’s sudden negative shift continued to define trading so far today, with the weakness in the Nasdaq, and especially the market-leading tech giants, driving returns. The major US indices opened with losses, with the Dow and the S&P 500 clearly outperforming the tech benchmark, reversing the relationship that dominated the market for months. Nasdaq […]

The post Nasdaq Leads Stocks Lower as Dollar Retreats Before Central Bank Bonanza appeared first on Hacked: Hacking Finance.

Save the Embarrassment: The Value of Two-Factor Authentication

These days, it’s not a matter of if your password will be breached but when. Major websites experience massive data breaches at an alarming rate. Have I Been Pwned currently has records from 295 sites comprising 5.3 billion accounts. This includes well-known names like LinkedIn, Adobe, and MySpace. Password breaches are a cause for embarrassment; […]

The post Save the Embarrassment: The Value of Two-Factor Authentication appeared first on The State of Security.

Shareholder Sues Facebook After Stock Plunge

An anonymous reader quotes a report from Reuters: Facebook and its chief executive Mark Zuckerberg were sued on Friday in what could be the first of many lawsuits over a disappointing earnings announcement by the social media company that wiped out about $120 billion of shareholder wealth. The complaint filed by shareholder James Kacouris in Manhattan federal court accused Facebook, Zuckerberg and Chief Financial Officer David Wehner of making misleading statements about or failing to disclose slowing revenue growth, falling operating margins, and declines in active users. Kacouris said the marketplace was "shocked" when "the truth" began to emerge on Wednesday from the Menlo Park, California-based company. He said the 19 percent plunge in Facebook shares the next day stemmed from federal securities law violations by the defendants. The lawsuit seeks class-action status and unspecified damages.

Zuckerberg ‘Sold More Stock Than Usual’, Faces Lawsuit From Angry Investors

"Facebook executives said on Wednesday its profit margins would plummet for several years due to the cost of improving privacy safeguards and slowing usage in its top advertising markets," reports Reuters, adding that the news "wiped over $120 billion off the company's share price." One millennial options trader lost $180,000 overnight. And meanwhile CNBC reports that Facebook insiders "sold more stock than usual in the second quarter," the vast majority sold by Mark Zuckerberg, leaving some experts with mixed opinions. To be clear, insiders sold in compliance with what's known as Securities and Exchange Commission Rule 10b5-1, a preapproved selling mechanism that is completely legal. And there is no evidence to suggest they were acting on inside information about the disastrous quarter that sent Facebook's stock down nearly 20 percent Thursday. However, their timing happened to be pretty good.... "You have something that's an outlier here," said James Cox, professor at Duke University School of Law. "It happened to be a very bad quarter that they had -- it doesn't wear well." Friday Facebook and Mark Zuckerberg were sued "in what could be the first of many lawsuits over a disappointing earnings announcement by the social media company that wiped out about $120 billion of shareholder wealth." The complaint filed by shareholder James Kacouris in Manhattan federal court accused Facebook, Zuckerberg and Chief Financial Officer David Wehner of making misleading statements about or failing to disclose slowing revenue growth, falling operating margins, and declines in active users. Kacouris said the marketplace was "shocked" when "the truth" began to emerge on Wednesday from the Menlo Park, California-based company. He said the 19 percent plunge in Facebook shares the next day stemmed from federal securities law violations by the defendants. The lawsuit seeks class-action status and unspecified damages. A Facebook spokeswoman declined to comment.

Family Matters: How to Help Kids Avoid Cyberbullies this Summer

The summer months can be tough on kids. There’s more time during the day and much of that extra time gets spent online scrolling, surfing, liking, and snap chatting with peers. Unfortunately, with more time comes more opportunity for interactions between peers to become strained, even to the point of bullying.

Can parents stop their kids from being cyberbullied completely? Not likely. However, if our sensors are up, we may be able to help our kids minimize both conflicts online and instances of cyberbullying should they arise.

Be Aware

Summer can be a time when a child’s more prone to feelings of exclusion and depression relative to the amount of time he or she spends online. Watching friends take trips together, go to parties, hang out at the pool, can be a lot on a child’s emotions. As much as you can, try to stay aware of your child’s demeanor and attitude over the summer months. If you need help balancing their online time, you’ve come to the right place.

Steer Clear of Summer Cyberbullies 

  1. Avoid risky apps. Apps like ask.fm that allow outsiders to ask a user any question anonymously should be off limits to kids. Kik Messenger and Yik Yak are also risky apps. Users have a degree of anonymity with these kinds of apps because they have usernames instead of real names and they can easily connect with profiles that could be (and often are) fake. Officials have linked all of these apps to multiple cyberbullying and even suicide cases.
  2. Monitor gaming communities. Gaming time can skyrocket during the summer and in a competitive environment, so can cyberbullying. Listen in on the tone of the conversations, the language, and keep tabs on your child’s demeanor. For your child’s physical and emotional health, make every effort to help him or her balance summer gaming time.
  3. Make profiles and photos private. By refusing to use privacy settings (and some kids do resist), a child’s profile is open to anyone and everyone, which increases the chances of being bullied or personal photos being downloaded and manipulated. Require kids under 18 to make all social profiles private. By doing this, you limit online circles to known friends and reduce the possibility of cyberbullying.
  4. Don’t ask peers for a “rank” or a “like.” The online culture for teens is very different than that of adults. Kids will be straightforward in asking people to “like” or “rank” a photo of them and attach the hashtag #TBH (to be honest) in hopes of affirmation. Talk to your kids about the risk in doing this and the negative comments that may follow. Remind them often of how much they mean to you and the people who truly know them and love them.
  5. Balance = health. Summer means getting intentional about balance with devices. Stepping away from devices for a set time can help that goal. Establish ground rules for the summer months, which might include additional monitoring and a device curfew.

Know the signs of cyberbullying. And, if your child is being bullied, remember these things:

1) Never tell a child to ignore the bullying. 2) Never blame a child for being bullied. Even if he or she made poor decisions or aggravated the bullying, no one ever deserves to be bullied. 3) As angry as you may be that someone is bullying your child, do not encourage your child to physically fight back. 4) If you can identify the bully, consider talking with the child’s parents.

Technology has catapulted parents into arenas — like cyberbullying — few of us could have anticipated. So, the challenge remains: Stay informed and keep talking to your kids, parents, because they need you more than ever as their digital landscape evolves.

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post Family Matters: How to Help Kids Avoid Cyberbullies this Summer appeared first on McAfee Blogs.

Facebook’s ‘Downvote’ System Begins Rolling Out Wider In US

Facebook is reportedly rolling out its "downvote" button to a wider group of users in the United States. "The feature began appearing on the service's mobile app without a formal company announcement -- and we only found out about it by browsing on our phones," reports Ars Technica. From the report: The feature appears to currently be limited to "public" posts. Should your account be flagged for this week's test, every comment in a thread will include a numeric value and small up- and down-arrows connected to that number. Upon the first display of this Reddit-like change, the Facebook app will offer guidance: "Support comments that are thoughtful, and demote ones that are uncivil or irrelevant." This is in addition to the site's long-running "emotion" interface, which lets users tap "like" or emoji-styled buttons. These icons and numbers still attach to posts as they've done for years. Now an additional value based on up- and down-votes, appears as well, and these values are separate. Meaning, if you tap the "like" button and down-vote on the same comment, those actions don't cancel each other out. As of press time, these up- and down-vote numbers are not visible if your account is not flagged for the test. We have not yet seen this feature go live on any versions of the Facebook Android app.

Facebook Stock Suffers Largest One-Day Drop In History, Shedding $119 Billion

Facebook is experiencing one of its worst days as a publicly traded company. According to CNBC, Facebook lost about $119 billion of its value on Thursday, marking the biggest one-day loss in U.S. market history. From the report: The company's shares plunged $41.24, or almost 19 percent, to $176.26 a day after the social media giant reported disappointing results. The slide is the largest decline in market capitalization in history, exceeding Intel's $91 billion single-day loss in September 2000, according to Bloomberg data. Founder and CEO Mark Zuckerberg saw his fortune drop by $15.9 billion to roughly $71 billion. His personal loss alone, if only on paper, exceeds the value of companies such as Molson Coors and Macy's, which have market values of $14 billion and $12 billion, respectively. Investors were spooked by Facebook's forecast showing that its number of active users is growing less quickly than expected, while the company also took a hit from Europe's new privacy laws.

Facebook launches ‘Watch Party’ to all groups around the world

Facebook’s Watch Party Lets Users Stream Videos With Friends

Facebook has launched a new feature called ‘Watch Party’ to all Facebook Groups around the globe, and it will be available across mobile and desktop platforms. This new feature allows members of Facebook groups to join in, watch videos on the social network platform together in real time, and comment.

Facebook had been testing the ‘Watch Party’ feature for almost six months now and the company has plans to release the feature sometime in the future, which could see it compete against Google’s YouTube in the video streaming sector.

“Watch Party is a new way for people to watch videos on Facebook together in real time. Once a Watch Party is started, participants can watch videos, live or recorded, and interact with one another around them in the same moment. We’ve been focused on building new ways to bring people together around video, create connections, and ignite conversations; Watch Party is the next step in bringing this vision to life,” Erin Connolly, Product Manager at Facebook, said in a blog post.

Facebook says Watch Parties are great for both small groups of friends and family members, as well as large organizations hosting Q&A sessions and more.

Watch Party will not be limited to Facebook groups alone, Facebook revealed. The company is now planning to roll out the feature for Pages, which normally refer to profiles of public figures and other organizations.

“We are now starting to test the ability for people to start Watch Parties with friends outside of groups, too, and we’ll explore Watch Parties for Pages in the future,” Connolly said.

“We believe that if people can start a Watch Party directly from their profile or from a video they’re watching, the experience of watching video on Facebook can become even more fun and social,” Connolly added.

Based on the feedback collected from Facebook groups, the social media giant has added the following two new features on the global launch, which were not included during the test phase:

Co-hosting – This feature allows the host of a Watch Party to designate other co-hosts who can add videos and keep the party going.

Crowdsourcing – This feature lets anyone in a Watch Party suggest videos for the host to add to the Watch Party.

Check out the demo below to know how to start a Watch Party on Facebook.

Further, Facebook has lined up a selection of Watch Parties to celebrate its launch. To check the latest Weekend of Watch Party happenings, click here.

The post Facebook launches ‘Watch Party’ to all groups around the world appeared first on TechWorm.

Facebook Crashes After-Hours Despite Trade-Deal Rally

Stock markets had a volatile session with a blowout finish, especially in the US today, with the major indices finishing with substantial gains, taking out important resistance levels in the process. The US-EU trade talks were in the center of attention, while quarterly earnings also continued to make waves across the globe. DOW 30, 4-Hour […]

The post Facebook Crashes After-Hours Despite Trade-Deal Rally appeared first on Hacked: Hacking Finance.

Facebook Shares Drop On Revenue Miss

Zorro shares a report from CNBC: Facebook missed projections on revenue and global daily active users this quarter after struggling with data leaks and fake news scandals. The company reported its second-quarter earnings after the bell on Wednesday. Shares were down as much as 10 percent. CNBC summarizes the results:

  • Earnings per share: $1.74 vs. $1.72 per a Thomson Reuters consensus estimate
  • Revenue: $13.23 billion vs. $13.36 billion per a Thomson Reuters consensus estimate
  • Global daily active users (DAUs): 1.47 billion vs. 1.49 billion, according to a StreetAccount and FactSet estimate
  • North American DAUs: 185 million vs. 185.4 million, according to a FactSet estimate
  • European DAUs: 279 million vs. 279.4 million, according to a FactSet estimate
  • Average revenue per user (ARPU): $5.97 vs. $5.95, according to a StreetAccount and FactSet estimate

Episode 105: Is Trolling a Human Rights Abuse? Also: the Do’s and Dont’s of Ransomware Negotiation

In this week’s podcast: a report out last week from The Institute for the Future makes clear that state sponsored trolling has gone global and is now a go-to tool for repressive regimes worldwide, constituting a new form of human rights abuse. Ben Nimmo of The Atlantic Council joins us to discuss. Also: ransomware is one of the most...

Cyber Security Roundup for July 2018

The importance of assuring the security and testing quality of third-party provided applications is more than evident when you consider an NHS reported data breach of 150,000 patient records this month. The NHS said the breach was caused by a coding error in a GP application called SystmOne, developed by UK based 'The Phoenix Partnership' (TTP). The same assurance also applies to internally developed applications; a case in point was a publicly announced flaw in Thomas Cook's booking system discovered by a Norwegian security researcher. The researcher used the app flaw to access the names and flight details of Thomas Cook passengers and released details on his blog. Thomas Cook said the issue has since been fixed.

Third-party services also need to be security assured, as seen with the Typeform compromise. Typeform is a data collection company; on 27th June, hackers gained unauthorised access to one of its servers and accessed customer data. According to their official notification, Typeform said the hackers may have accessed the data held on a partial backup, and that they had fixed a security vulnerability to prevent reoccurrence. Typeform has not provided any details of the number of records compromised, but one of their customers, Monzo, said on its official blog that it was in the region of 20,000. Interestingly, Monzo also declared it was ending its relationship with Typeform unless it wins their trust back. Travelodge is one UK company known to be impacted by the Typeform breach, and it has warned its impacted customers. Typeform is used to manage Travelodge’s customer surveys and competitions.

Other companies known to be impacted by the Typeform breach include:

The Information Commissioner's Office (ICO) fined Facebook £500,000, the maximum possible, over the Cambridge Analytica data breach scandal, which impacted some 87 million Facebook users. Fortunately for Facebook, the breach occurred before the General Data Protection Regulation came into force in May, as the new GDPR empowers the ICO with much tougher financial penalties designed to bring tech giants to book. Let's be honest, £500k is petty cash for the social media giant.
Facebook-Cambridge Analytica data scandal
Facebook reveals its data-sharing VIPs
Cambridge Analytica boss spars with MPs

A UK government report criticised the security of Huawei products, concluding the government had "only limited assurance" that Huawei kit posed no threat to UK national security. I remember being concerned many years ago when I heard BT had ditched US Cisco routers for Huawei routers to save money; not much was said about the national security aspect at the time. The UK gov report was written by the Huawei Cyber Security Evaluation Centre (HCSEC), which was set up in 2010 in response to concerns about BT and other UK companies' reliance on the Chinese manufacturer's devices. By the way, that body is overseen by GCHQ.

Banking hacking group "MoneyTaker" has struck again, this time stealing a reported £700,000 from a Russian bank, according to Group-IB. The group is thought to be behind several other hacking raids against UK, US, and Russian companies. The gang compromised a router, which gave them access to the bank's internal network. From that entry point, they were able to find the specific system used to authorise cash transfers and then set up the bogus transfers to cash out £700K.


Facebook Notification Spam Has Crossed the Line

Facebook has always nudged truant users back to its platform through emails and notifications. But recently, those prods have evolved beyond comments related to activity on your own profile. From a report: Now Facebook will nag you when an acquaintance comments on someone else's photo, or when a distant family member updates their status. The spamming has even extended to those who sign up for two-factor authentication -- which is a great way to turn people off to that extra layer of security. "The part of it that bugs me is that two-factor authentication is something [Facebook] should be encouraging people to use, but instead the way this is working here is that they're driving people away from two-factor and making people less secure," says Matt Green, a professor at the Johns Hopkins University Information Security Institute, who has done contracted security work for Facebook in the past. "It's abusive, people's attention is deliberately tweaked by what looks like a two-factor authentication message." Green says he's received near-daily SMS messages from Facebook since January alerting him that one of his friends performed some action on the platform. Before he started receiving the messages, Green says he hadn't logged into Facebook for a long time and had actually forgotten his password. The weirdest part about the SMS notifications is what happens if you reply to them. If you respond, your message is posted to your own profile. Further reading: Facebook Really Wants You To Come Back, Facebook Is Spamming Users Via Their 2FA Phone Numbers, and Facebook Makes Moves On Instagram's Users.

Facebook, Google, Microsoft, and Twitter Launch the Data Transfer Project

Facebook, Google, Microsoft, and Twitter have teamed up for a new open source project that strives to make it easier to transfer your data between online services. From a report: The Data Transfer Project (DTP) was officially founded last year, and there have been whisperings about it on the likes of GitHub, but the initiative was officially unveiled today with its first four members. The DTP is actively seeking other members too. The ultimate aim of the Data Transfer Project is to improve data portability, allowing users to not only download their data but transfer it directly to any other service.

Read more of this story at Slashdot.

Zuckerberg: If Someone Gets Fired For Data Abuse ‘It Should Be Me’

Mark Zuckerberg isn't planning to fire himself. At least, not at the moment. From a report: During an interview with Recode's Kara Swisher published Wednesday, the Facebook CEO touched on Russians interfering with US elections, misinformation, data breaches, the company's business model and more. When asked by Swisher who's to blame for the Cambridge Analytica scandal and related data misuse, Zuckerberg said he "designed the platform, so if someone's going to get fired for this, it should be me." Swisher followed up by asking if he was going to fire himself. "Not on this podcast right now," he said. Zuckerberg also defended the social media platform's decision not to kick off conspiracy theory-peddling websites like the far-right InfoWars. From a report: Zuckerberg said that instead of banning websites outright, the company removes individual posts that violate Facebook's terms of service. Posts promoting violence are particularly likely to be taken down, he added. Zuckerberg, who is Jewish, said even Holocaust deniers have a place on the platform as long as they genuinely believe the content they share. "I find that deeply offensive," he said. "But at the end of the day, I don't believe that our platform should take that down because I think there are things that different people get wrong. I don't think that they're intentionally getting it wrong."

Read more of this story at Slashdot.

Microsoft tops list of brands impersonated by phishers

The number one brand spoofed by phishers in Q2 2018 in North America was Microsoft, says email security company Vade Security. The company credits the surging adoption of Microsoft Office 365 for this unfortunate statistic. “It’s clear that Office 365 has become the number one target for corporate phishing attacks,” the company explained. “The reason is that it’s highly profitable to compromise an Office 365 account. Hackers see email-based attacks as an easy entry … More

The post Microsoft tops list of brands impersonated by phishers appeared first on Help Net Security.

Facebook defends itself against report it allowed hate speech for financial gain

Facebook has denied allegations by a U.K. news outlet that it gave preferential treatment to some pages that promote hate speech because of financial interest, saying that creating a safe environment for its users remains a top priority. The social media giant Tuesday defended itself against a TV report on Channel 4 in the United Kingdom...

A week in security (July 9 – July 15)

Last week, we talked about domestic abuse fuelled by IoT, doing threat intel programs right, blocking ICO fraud, and man-in-the-middle attacks. We also explained why we block shady ad blockers and provided tips to online shoppers for Prime Day.

Other news:

Stay safe, everyone!

The post A week in security (July 9 – July 15) appeared first on Malwarebytes Labs.

Facebook Makes Moves On Instagram’s Users

Facebook is trying to get Instagram users to visit its site more often by further entwining the two services. According to Instagram user Spencer Chen, the Instagram app prompted him to check out a friend's new photo on Facebook. "Chen grabbed a screenshot and posted the notification on the internet, calling it a cry for attention by the older social network," reports Bloomberg. From the report: Instagram says what Chen experienced was a product test with a small contingent of users. Still, Instagram feeds Facebook in other ways. Last year, Facebook launched its own version of an Instagram tool called Stories, which lets people post videos that disappear within 24 hours. (The feature was initially copied from Snap Inc., a competitor.) Greenfield noticed the Facebook version became more popular once it became possible for Instagram users to post their stories in both places with the click of a button. Instagram Stories' 400 million users present a significant opportunity for Facebook's advertising business, according to Ken Sena, an analyst at Wells Fargo Securities. Instagram is on track to provide Facebook with $20 billion in revenue by 2020, about a quarter of Facebook's total, he wrote to investors. And cross-posting could help Facebook's video ambitions.

Read more of this story at Slashdot.

GDPR takes its first victims

In the weeks leading up to the deadline for GDPR’s obligatory implementation, complaints to the leading data protection agencies in Europe about breaches of the new regulation piled up; and it hasn’t taken long for the reactions, and of course, the sanctions, to appear. Facebook, which has been under scrutiny for months now, has received the first large sanction for not following the data processing standards found in the legislation.

And the fact is that two months after the GDPR came into force, data protection is still causing real headaches in many companies, both in Europe and further afield. Not only have we seen cases of intentional theft of data, but we’ve also seen cases where data has been lost due to internal cybersecurity carelessness.

And now we know the consequences of one of the cases of personal data abuse that has generated most interest among the public in the last few months: Facebook and Cambridge Analytica. A controversy that affected over 87 million users whose personal information was collected by the consulting firm without their express consent, and then sold to third parties, who supposedly used it to benefit Donald Trump’s presidential campaign.

Now, the Information Commissioner’s Office (ICO) in the UK has given Facebook a fine, the first the social network has received in relation to this scandal.  The £500,000 (€564,951.15) fine is the maximum stipulated by the country’s data protection laws.  This amount is probably not enough to make a dent in Facebook’s finances: the company is able to earn the same amount every five and a half minutes.

The ICO ruled that Facebook failed to safeguard its users’ data, and that it failed to be transparent with how it used this data or the interests that lay behind this abuse. The ICO will also bring criminal action against SCL Elections, Cambridge Analytica’s parent company.

So what has been the outcome of all this? The social network must pay the fine, although it is undoubtedly a minimal fine in comparison with the magnitude of the scandal.  It’s worth remembering that the GDPR can impose fines of up to 4% of a company’s annual turnover. This means that, had this been a sentence within the framework of the European Union, Facebook could have faced a fine of €1,581,863,215, significantly higher than the one imposed by the UK.

This is not an isolated case

While the Facebook controversy is making headlines, there are many other cases of abuse of data that have come to light in the last few months.

In September 2017, Equifax was implicated in one of the largest data breaches in history, when personal data of over 142 million people was leaked.  If we suppose that the company would have received the highest sanction possible under GDPR, Equifax would have faced the astronomical fine of 124 million dollars.

An even bigger case in terms of the amount of data affected was Exactis, a US marketing company. At the end of June, a database with 340 million individual records containing personal data was left exposed on the Internet without authentication.  This means that anyone could have accessed the database and its content.

Timehop was involved in another significant breach that exposed the data of 21 million users on July 4. The hacker that stole the data was able to gain access thanks to a cloud storage account that didn’t use multi-factor authentication. The company has stated that it contacted data protection officials shortly after the discovery of the breach.

It is clear that the economic sanctions that the GDPR entails are no trifling matter, and that, despite the increased interest in the subject of data protection, the problems surrounding the handling of personal information (PII) aren’t going to go away overnight.  But…

How can you avoid getting on the wrong side of GDPR?

If you’re worried about your company’s IT security, you’ll  be interested to find out about Panda Adaptive Defense, the advanced cybersecurity suite that incorporates Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) solutions with 100% Attestation and Threat Hunting & Investigation services. The combination of these solutions and services provides a detailed overview of all activities on every endpoint, total control of running processes, and reduction of the attack surface.

Panda Adaptive Defense has modules created specifically to stop access, modification and exfiltration of both internal and external information. This is because Panda Data Control is able to discover, audit and monitor unstructured personal data on endpoints: from data at rest, to data in use and data in motion.

It stops uncontrolled access to your company’s sensitive data and helps you to comply with the new data protection rules found in the GDPR.

The post GDPR takes its first victims appeared first on Panda Security Mediacenter.

Facebook faces £500,000 fine in the U.K. over Cambridge Analytica scandal

Facebook has been fined £500,000 ($664,000) in the U.K. for its conduct in the Cambridge Analytica privacy scandal.

Facebook has been fined £500,000 in the U.K., the maximum fine allowed by the UK’s Data Protection Act 1998, for failing to protect users’ personal information.

Political consultancy firm Cambridge Analytica improperly collected data of 87 million Facebook users and misused it.

“Today’s progress report gives details of some of the organisations and individuals under investigation, as well as enforcement actions so far.

This includes the ICO’s intention to fine Facebook a maximum £500,000 for two breaches of the Data Protection Act 1998.” reads the announcement published by the UK Information Commissioner’s Office.

“Facebook, with Cambridge Analytica, has been the focus of the investigation since February when evidence emerged that an app had been used to harvest the data of 50 million Facebook users across the world. This is now estimated at 87 million.

The ICO’s investigation concluded that Facebook contravened the law by failing to safeguard people’s information. It also found that the company failed to be transparent about how people’s data was harvested by others.”

This is the first possible financial punishment that Facebook is facing for the Cambridge Analytica scandal.

“A significant finding of the ICO investigation is the conclusion that Facebook has not been sufficiently transparent to enable users to understand how and why they might be targeted by a political party or campaign,” reads ICO’s report.

Obviously, the financial penalty is negligible compared to the gains of the giant of social networks, but it is a strong message to all companies that must properly manage users’ personal information in compliance with the new General Data Protection Regulation (GDPR).

What would have happened if the regulation had already been in force at the time of disclosure?

According to the GDPR, the penalties allowed under the new privacy regulation are much greater: fines could reach up to 4% of global turnover, which in the case of Facebook is estimated at $1.9 billion.

“Facebook has failed to provide the kind of protections they are required to under the Data Protection Act.” Elizabeth Denham, the UK’s Information Commissioner said. “People cannot have control over their own data if they don’t know or understand how it is being used. That’s why greater and genuine transparency about the use of data analytics is vital.” 

Facebook still has a chance to respond to the ICO’s Notice of Intent before a final decision on the fine is made.

“In line with our approach, we have served Facebook with a Notice setting out the detail of our areas of concern and invited their representations on these and any action we propose.” concludes the ICO update on the investigation published today by Information Commissioner Elizabeth Denham.

“Their representations are due later this month, and we have taken no final view on the merits of the case at this time. We will consider carefully any representations Facebook may wish to make before finalising our views,”

Pierluigi Paganini

(Security Affairs – Facebook, Cambridge Analytica)

The post Facebook faces £500,000 fine in the U.K. over Cambridge Analytica scandal appeared first on Security Affairs.

Facebook Fined £500,000 by ICO for Cambridge Analytica Data Scandal

The Information Commissioner’s Office (ICO) announced its plan to fine Facebook £500,000 over the Cambridge Analytica data scandal. On 10 July, the ICO published a progress report on its investigation into the Cambridge Analytica incident. The report, entitled “Investigation into the use of data analytics in political campaigns,” explained that the ICO had sent a […]… Read More

The post Facebook Fined £500,000 by ICO for Cambridge Analytica Data Scandal appeared first on The State of Security.

Smashing Security #085: Doctor Who, Facebook patents, and Bob’s Burgers

Doctor Who’s TARDIS has sprung a data leak, Facebook’s creepy patents are unmasked, and an app to keep women safe on dates has surprising origins.

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Google and Facebook Used in Phishing Campaigns

We’ve all seen sketchy-looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types of scams; however, phishing messages are designed to deceive. They use methods that appear valid or urgent, encouraging victims to hand over their data.

Phishing Campaigns

Phishing attempts happen in many ways, such as:

  • deceptive email campaigns,
  • suspicious SMS alerts (called smishing),
  • fake websites designed to look and sound authentic, and more.

Continue reading Google and Facebook Used in Phishing Campaigns at Sucuri Blog.

What Parents Need to Know About the Popular App Mappen

Kids love their apps but in their excitement to download the new ones, app safety often falls straight off their radar. One of those new, fun, not-so-safe apps is Mappen.

Kids, pre-teens specifically, are jumping on Mappen to connect with friends nearby and, as the app’s tagline encourages, “Make Things Happen.” The location-based app allows friends to see each other’s location, what they are doing, and make it easy to meet up. Sounds like fun except for the fact that the app is brimming with potential security flaws.

How It Works

Anyone who downloads the Mappen app can send a friend request to anyone else and begin sharing his or her location (and data) immediately. While on Mappen, friends can share updates and photos much like any other social network. Personal data that can be shared: names, birthdates, location, likes, dislikes, photos, and friend lists.

Once a user installs the app, he or she is asked to turn on location services that must remain on to share location, see others, and post content updates. The app also asks to access a user’s full contact list before it can be used.

The Risks

While many location-based apps exist now, Mappen specifically targets tweens. Mappen’s privacy policy states clearly that it collects and shares data, which presents a privacy risk to minors who use the app.

Likewise, the location requirement to use the app poses a safety risk. This feature means anyone on your child’s friend list can see your child’s location at any time. As your child’s Mappen circle grows, so too might the chance of your child sharing his or her location and personal information with an unsafe “friend.”

Tips to Help Boost App Safety

Stay connected with your kids. The greatest risk to your child’s online safety is a strained relationship. Every family dynamic and circumstance varies, but consider doing all you can to make your relationship with your child a priority. When communication and trust are strong with your child, you will better know what’s going on in his or her life, whom their friends are, and if there’s a situation in which they might need help.

Monitor apps! The best way to know which apps your kids use and how they use them is to routinely monitor their phones. How do you do this? You do this physically and with technology. About once a week, look at your child’s phone and laptop or tablet (preferably with your son or daughter next to you), look at the display screen, examine the app icons, and ask questions. If you don’t recognize an app, click it open, or ask questions. Also, if there’s an app icon you click that asks for a password, it may be a vault app that requires a few more clicks or a conversation. Another way to monitor apps is using technology such as filtering software that will help you filter and track the content that comes into your home via your child’s devices.

Do your research, stay aware. Stay on top of trends in apps by reading this and other technology or family blogs. New apps come out all the time, and word-of-mouth among teens quickly spreads. One of the best ways to keep your kids safe online is to understand where they connect online and what risks those digital spaces may present. Potential risks that some apps may carry include privacy infringements, cyberbullying, pornography, phishing scams, malware, predators, and sex-related crimes.

Turn off location. Mappen, as well as other apps such as Facebook, Kik, and Snapchat, access a user’s location while using the app and even when the app is not in use. To ensure your location isn’t shared randomly, turn off location when apps are not in use. Depending on the age of your child, you may consider not allowing the use of location-based apps at all.

Say NO to random friend requests. It’s easy for criminals to create a fake profile and gain access into your child’s life. An attractive peer from a nearby town who wants to “connect” may be a catfish using another person’s identity or a predator looking to groom a vulnerable tween or teen.

Guard your child’s privacy. When your child shares personal information through an unsafe app, it opens them up, and it opens up your entire family, to risk. Often kids get comfortable online and forget — or don’t fully understand — the problem with sharing personal details. Review the importance of keeping details such as full name, school, birthdates, address, personal photos, and other family information private.

The post What Parents Need to Know About the Popular App Mappen appeared first on McAfee Blogs.

Summer Refresh: Take Time to Relax but Not on Password Security

With summer comes permission to relax a little more, sun a little more, and fun a little more. But, as Newton’s Third Law reminds us, for every action, there is an equal and opposite reaction. Apply that principle to online safety and it might read like this: Each time you relax your family’s digital security a little, there’s a hacker nearby who will step up his or her schemes accordingly.

If your summer routine includes more traveling, online gaming, or time for social connecting, your first line of digital defense is strong, unhackable passwords.

Now is a great time to pump up those passwords to make sure your summer playlist streams seamlessly and summer goes off without a hitch. (Note: If you feel confident in your password strength, type your email address into the site Have I been pwned? to see if your passwords have been compromised).

5 Tips to Pump Up Your Password Strength

  1. Think strength. It’s never too late to put serious thought into creating strong passwords. Begin today. Visualize your password as a superhero. Because of their strength, superheroes like Hulk, Thor, or Optimus Prime can handily protect the world. Strip them of their strength, and each warrior becomes an average Joe vulnerable to the elements of evil. Strength is inherent to password power. Infuse your password with superhero strength by including numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be for a crook to crack (it’s okay to add a personal touch to your password). A few examples of a secure password might be: myDogisCr@yCr@y!!, Ilov3Gummi3B3ars!! or $oundOfMu$ic_1965.
  2. Get a password manager. If you are driving yourself crazy trying to wrangle a million passwords, a password manager will do the remembering for you. A powerful password manager will generate random passwords that are difficult to guess, require Multi-Factor Authentication (MFA), and auto-save and securely enter your passwords on frequented sites.
  3. Use unique passwords and MFA. If taken seriously, these two extra steps could save you a million headaches. 1) Use unique passwords for each of your accounts. By using different passwords, you avoid having all of your accounts become vulnerable if you are hacked (think domino effect). 2) MFA is Multi-Factor Authentication (also called two-step verification or authentication). MFA confirms a user’s identity only after presenting two or more pieces of evidence. Though not 100% secure, this practice adds a layer of security to an account.
  4. Pay attention and take action. It might be summer, but if you snooze, you will lose — privacy in this case. Be sure to pay attention to the news and know if a data breach affects your family. According to the Identity Theft Resource Center® (ITRC), the number of U.S. data breach incidents in 2017 hit a new record high, rising a drastic 44.7 percent over 2016. Popular sites such as Facebook, Netflix, and Twitter have experienced breaches that might easily have affected you or a member of your family.
  5. Connect carefully. So you’ve done everything you can to create strong passwords and that’s awesome! What you can’t control is how others protect your account data, which often includes passwords. Make sure that websites, platforms, and companies that have access to your sensitive information take security seriously and have privacy and security plans in place. Google the company before you establish an account to see if it has had a data breach.

What are the potential consequences of a weak password? A determined hacker can track a person’s online activity, identify and hack weak passwords then use those weak passwords to access banking information, credit card numbers, and personal data used to steal a person’s identity. Remember: Just as you go to work each morning to put food on the table for your family, a hacker has similar goals. So, work with equal diligence to protect what’s yours.

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post Summer Refresh: Take Time to Relax but Not on Password Security appeared first on McAfee Blogs.

#CyberAware: 4 Actionable Steps to Boost Your Family’s Safety Online

Summer has officially rolled out its welcome mat. But as most parents might be thinking about slowing down, for most kids, summer is when digital device use goes into overdrive. That’s why June — which also happens to be Internet Safety Month — is a perfect time to strengthen your family’s digital readiness.

Good news: This digital safety skills booster is quick and actionable. And who knows — if a few of these tips boost your family’s safety, you may have just saved summer for everyone!

4 Ways to Boost Family Safety Online 

Practice safe social. Challenge your family to rein in its social footprint by taking these specific actions: 1) Adjust privacy settings on all social networks. 2) Trim friend and follower lists. 3) Delete any personal data on social profiles such as birthdate, address, or school affiliation. 4) Edit, limit app permissions. As we’ve just seen in the headlines, the misuse of personal data is a very big deal. 5) Share with care. Routinely scrolling, liking, and commenting on social sites such as Snapchat and Instagram can give kids a false sense of security (and power). Remind tweens and teens to share responsibly. Oversharing can damage a reputation and words or images shared callously can damage other people.

Practice safe gaming. Summertime is a gamer’s heaven. Endless battles and showdowns await the dedicated. However, some digital pitfalls can quickly douse the fun. According to the National Cyber Security Alliance’s gaming tip sheet, safe gaming includes: updating gaming software, protecting devices from malware, protecting your child’s personal data, using voice chat safely, and paying close attention to content ratings.

Practice strong security. There are some steps only a parent can take to safeguard the family online. 1) Parental controls. Filtering software blocks inappropriate websites and apps as well as establishes boundaries for family tech use. 2) Comprehensive security software helps protect your PCs, tablets, and devices from viruses, malware, and identity theft. 3) Keeping your guard up. According to McAfee’s Gary Davis staying safe online also includes digital habits such as using strong passwords, boosting your network security and firewall, and being aware of the latest scams that target consumers.

Practice wise parenting. 1) Know where kids go. Know which apps your kids love and why, how they interact with others online, and how much time they spend online. 2) Unplug. Establish tech-free family activities this summer. Powering off and plugging into quality time is the most powerful way to keep your family safe online. Strong relationship empowers responsibility. 3) Be confident. As parenting expert, Dr. Meg Meeker says, parents should be parenting from a place of confidence, rather than from a place of fear. “The temptation for parents is to think that they have no control over what their child does online. This isn’t true,” says Meeker. “Parents, you are in control of your child’s technology use; it is not in control of you.”

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post #CyberAware: 4 Actionable Steps to Boost Your Family’s Safety Online appeared first on McAfee Blogs.

Study: Digital Self-Harm Among Teens Real; Here’s What Parents Need to Know

When we think of self-harm, most of us think about rituals such as cutting in which a person may physically cut themselves in an attempt to deal with overwhelming emotions. Very few of us, especially parents, think about self-harm manifesting itself in the digital realm. However, according to a new study published in the Journal of Adolescent Health, digital self-harm is “a new problem” that demands attention.

What is Digital Self-Harm?

Digital self-harm as defined by the Cyberbullying Research Center (CRC) is the “anonymous online posting, sending, or otherwise sharing of hurtful content about oneself.” A child engages in digital self-harm by creating a fake account that he or she then uses to post mean comments to his or her real social account — comments visible to the public. An example of digital self-harm might be a child posting anonymous comments to oneself such as: “You are a waste of space. Why don’t you just die?” or “You are so ugly, why do you keep posting pictures of yourself?”

Digital self-harm, more simply put, is self-cyberbullying. Digital self-harm has allegedly been linked to two high-profile bullying cases that ended in the self-bullying teens committing suicide. According to the study, 6% of teens surveyed admitted to digital self-harm and males were significantly more likely to take part in digital self-harm (7.1% compared to 5.3%).

Possible Motivations

The CRC study suggested that some kids (in their own words) engaged in digital self-harm to be funny, get attention, or because they had low self-esteem, self-hate or hoped to get a reaction from friends. In a recent NPR story, psychologists nodded to the motivation behind self-harm as the need for others to worry about them, to prove how tough they were, or to get an adult’s or their peers’ attention. One student cited in the NPR story said she posted bullying comments to herself as a way to “beat others to the punch,” in potentially rejecting her. Whatever the reasons for posting self-harming statements or threats, doing so rings an alarm for parents, educators, counselors, and law enforcement.

According to Cyberbullying Research Center’s study authors Sameer Hinduja and Justin W. Patchin, study takeaways include the fact that 1) Parents shouldn’t ignore the possibility that a hurtful message received online by their child was sent by their child. 2) Educators, law enforcement officers, or others charged with investigating cyberbullying incidents should remain open to the possibility of digital self-harm, and conduct a thorough examination of all available evidence to get to the bottom of the incident. 3) Any time a student experiences cyberbullying, there is a problem that needs to be resolved. Even if—no, especially if—the sender and receiver are the same person.

What Parents Can Do

Monitor social media. Self-harm — digital or otherwise — is serious. Whatever the motivation behind the act may be, digital self-harm highlights a deeper hurt that’s manifesting publicly and that needs immediate attention. One way parents can know if their child is self-harming is to monitor social media, paying close attention to the tone of the social interactions. Go a step further than reading your child’s posts. Look at the comments closely. If there’s a negative or threatening comment, examine the attached account. Is it a real account? Ask your child about the person who posted the comments. Using a filtering tool to consistently know what apps your child uses may help you monitor more consistently and thoroughly.

Avoid judgment. The reasons why a child may engage in digital self-harm can vary from serious emotional issues to a passing curiosity. If you find your child is digitally self-harming, avoid being judgmental. It’s tempting to panic and respond by shutting down all your child’s social media, but don’t. Talk the issue through and try to get to the reasons behind the action. Validate your child’s emotions without diminishing them. You don’t have to agree with the way your child expresses his or her feelings, however, validation shows support and helps your child feel heard and understood. Assess the seriousness of the situation and, if necessary, promptly, get professional help from a counselor or therapist.

Listen, observe. Listening is perhaps one of the most underutilized connection tools a parent possesses. We can gather much about our child’s emotional and social health by listening more than we talk in a conversation. Pay attention to body language and tone. Understand the signs of depression or emotional distress in your teen. According to HelpGuide.org, signs of depression in teens can include sadness or hopelessness, irritability/anger, tearfulness, isolation, loss of interest in schoolwork or friends, lack of motivation, changes in eating or sleeping, abnormal fatigue or complaints of body aches, thoughts or jokes about death or suicide. If you suspect that a teenager is suicidal, take immediate action. For 24-hour suicide prevention and support in the U.S., call the National Suicide Prevention Lifeline at 1-800-273-TALK.


Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post Study: Digital Self-Harm Among Teens Real; Here’s What Parents Need to Know appeared first on McAfee Blogs.

Trivia Time: Test Your Family’s Password Safety Knowledge

Passwords have become critical tools for every citizen of the digital world. Passwords stand between your family’s gold mine of personal data and the entirety of the internet. While most of us have a love-hate relationship with passwords, it’s beneficial to remember they do serve a powerful purpose when created and treated with intention.

But asking your kids to up their password game is like asking them to recite the state capitals — booooring! So, during this first week of May as we celebrate World Password Day, add a dash of fun to the mix. Encourage your family to test their knowledge with some Cybersavvy Trivia.

Want to find out what kind of password would take two centuries to crack? Or, discover the #1 trick thieves use to crack your password? Then take the quiz and see which family member genuinely knows how to create an awesome password.

We’ve come a long way in our understanding of what makes a strong password and the many ways nefarious strangers crack our most brilliant ones. We know that unique passwords are the hardest to crack, but we also know that human nature means we lean toward creating passwords that are also easy to remember. So striking a balance between strong and memorable may be the most prudent challenge to issue to your family this year.

Several foundational principles remain when it comes to creating strong passwords. Share them with your family and friends and take some of the worries out of password strength once and for all.

5 Password Power Principles

  1. Unique = power. A strong password includes numbers, lowercase and uppercase letters, and symbols. The more complicated your password is, the more difficult it will be to crack. Another option is a password that is a passphrase only you could know. For instance, look across the room and what do you see? I can see my dog. Only I know her personality; her likes and dislikes. So, a possible password for me might be #BaconDoodle$. You can even throw in a misspelling of your password to increase its strength such as Passwurd4Life. Just be sure to remember your intentional typos if you choose this option.
  2. Diverse = power. Mixing up your passwords for different websites, apps, and accounts can be a hassle to remember but it’s necessary for online security. Try to use different passwords for online accounts so that if one account is compromised, several accounts aren’t put in jeopardy.
  3. Password manager = power. Working in conjunction with our #2 tip, forget about remembering every password for every account. Let a password manager do the hard work for you. A password manager is a tech tool for generating and storing passwords, so you don’t have to. It will also auto-log you onto frequently visited sites.
  4. Private = power. The strongest password is the one that’s kept private. Kids especially like to share passwords as a sign of loyalty between friends. They also share passwords to allow friends to take over their Snapchat streaks if they can’t log on each day. This is an unwise practice that can easily backfire. The most powerful password is the one that is kept private.
  5. 2-step verification = power. Use multi-factor (two-step) authentication whenever possible. Multiple login steps can make a huge difference in securing important online accounts. Sometimes the steps can be a password plus a text confirmation or a PIN plus a fingerprint. These steps help keep the bad guys out even if they happen to gain access to your password.

It’s a lot to manage, this digital life, but once you’ve got the safety basics down, you can enjoy all the benefits of online life without the worry of your information getting into the wrong hands. So have fun and stay informed knowing you’ve equipped your family to live their safest online life!


Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post Trivia Time: Test Your Family’s Password Safety Knowledge appeared first on McAfee Blogs.

Cyber Security Roundup for April 2018

The fallout from the Facebook privacy scandal rumbled on throughout April and culminated with the closure of the company at the centre of the scandal, Cambridge Analytica.
Ikea was forced to shut down its freelance labour marketplace app and website 'TaskRabbit' following a 'security incident'. Ikea advised users of TaskRabbit to change their credentials if they had used them on other sites, suggesting a significant database compromise.

TSB bosses came under fire after a botched upgrade to their online banking system, which meant the Spanish-owned bank had to shut down its online banking facility, preventing usage by over 5 million TSB customers. Cybercriminals were quick to take advantage of TSB's woes.

Great Western Railway reset the passwords of more than a million customer accounts following a breach by hackers, US Sun Trust reported an ex-employee stole 1.5 million bank client records, an NHS website was defaced by hackers, and US Saks, Lord & Taylor had 5 million payment cards stolen after a staff member was successfully phished by a hacker.

The UK National Cyber Security Centre (NCSC) blacklisted China's state-owned firm ZTE, warning UK telecom providers that usage of ZTE's equipment could pose a national security risk. Interestingly, BT formed a research and development partnership with ZTE in 2011 and had distributed ZTE modems. The NCSC, along with the United States government, released statements accusing Russia of large-scale cyber-campaigns aimed at compromising vast numbers of Western-based network devices.

IBM released the 2018 X-Force Report, a comprehensive report which stated for the second year in a row that the financial services sector was the most targeted by cybercriminals, typically by sophisticated malware, e.g. Zeus, TrickBot, Gootkit. NTT Security released their 2018 Global Threat Intelligence Report, which unsurprisingly confirmed that ransomware attacks had increased 350% last year.

A concerning report by the EEF said UK manufacturer IT systems are often outdated and highly vulnerable to cyber threats, with nearly half of all UK manufacturers already having been the victim of cybercrime. An Electropages blog questioned whether the boom in public cloud service adoption opens the door to cybercriminals.

Finally, it was yet another frantic month of security updates, with critical patches released by Microsoft, Adobe, Apple, Intel, Juniper, Cisco, and Drupal.


You vs. the Internet: 5 Hands-On Ways to Begin Safeguarding Your Family’s Privacy

Data mining. Privacy breaches. Malicious third parties. Do you ever feel like these scary sounding, albeit significant, concerns got left at the curb somewhere between carpool duty, doctor appointments, and trying to hit two softball games and a track meet in the same day?

You are far from alone. If asked, most of us would confess: Our digital safety habits aren’t keeping up with the wild pace of technology. We understand the risks to our privacy online, but few of us have the time to protect it.

Have you given up? Perhaps you believe the internet is winning and that personal privacy is an outdated, even naïve, expectation online.

That sentiment is true but only to a small extent. Here’s what’s truer: With intention, a small chunk of time — and enlisting the whole family — you can begin to rewrite your privacy future.

You can take steps toward managing (and enjoying) your technology like a boss. Here’s how to get the whole crew on board for a family-wide privacy update.

5 Hands-On Ways to Begin Safeguarding Your Family’s Online Data

  1. Call a family huddle. Change takes action. A successful family-wide privacy update will require, well, the whole family. Call a family huddle. Ask each family member to inventory all devices including phones, tablets, PCs, toys, televisions, gaming systems. This list represents vulnerabilities or points of entry. Assign responsibility for each device. Just as you’d lock windows and doors, commit to securing digital doorways. Huddle goals: Make privacy a family priority, discuss the online risks, challenge your digital-loving pack to higher digital standards, set up a reward system for keeping family devices safe. Remember: Technology is a privilege, not a right (no matter how culture positions it to the contrary).
  2. Upgrade privacy settings on social platforms. Any social platform — be it Facebook, Instagram, Snapchat or others — requires attention when it comes to protecting personal data. Go through each app and update your privacy settings. Educate yourself on what data you are sharing and with whom. Look closely at the information you’ve willingly shared, and make adjustments from there. For kids: Wipe social profiles clean of any personal information such as school name, age, address, phone number, email, location, and any other personal content.
  3. Scrub apps, update software, add security. Technology brings with it oodles of convenience. However, as with an automobile, our tech also needs maintenance to be enjoyed responsibly. Smartphones, tablets, televisions, and PCs require regular cleaning and updating. As a family, commit to making these changes. 1) Delete unused apps 2) Select “auto update” for software on both your mobile devices and computers 3) Install (and update) robust security software that protects devices against viruses, hackers, and spyware. Useful security software should also filter offensive content, pictures, and websites.
  4. Create strong, unique passphrases. As part of your family’s overall security update, make sure to create strong passwords for family devices. What’s a strong password? According to the National Institute of Standards and Technology (NIST), think in terms of a passphrase rather than a password. Passphrases should be simple, long and memorable. They should contain lowercase letters and word associations only you would know. For instance: cottoncandyskies, burntsmoresinsummer, or poetrypinkpasta. Make sure everyone from the eight-year-old to the 18-year-old understands why it’s important to use strong, unique passphrases. To reinforce this, consider a reward for family members who stay on top of their digital housekeeping.
  5. Follow-through, follow-through, follow-through! The only plan of any value is the one that is executed. So much of parenting is spent communicating goals, but effective parenting happens in following through with those goals. Be a firm, focused digital parent. Don’t just communicate the digital risks; follow through to make sure your child makes the hands-on changes listed here to protect their online data. Sit down, watch them do it. Review devices and settings. Discuss and physically check off privacy basics which include: 1) Updating privacy settings on devices and social networks 2) Using strong passphrases 3) Not sharing personal information online 4) Deleting unused apps and auto-updating software 5) Making digital privacy a personal priority.


Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures). 

The post You vs. the Internet: 5 Hands-On Ways to Begin Safeguarding Your Family’s Privacy appeared first on McAfee Blogs.

Recommended Reading: Facebook’s influence on Instagram

Instagram looks like Facebook's best hope
Sarah Frier,
Bloomberg Businessweek

With all the attention on Mark Zuckerberg's visit to DC this week, it can be easy to lose sight of an important detail: Facebook also owns Instagram. Of course, this means it also has access to the photo-sharing app's massive user base. Bloomberg Businessweek has a detailed look at the relationship between the two companies as Instagram approaches 1 billion total users.

#DeleteFacebook: Do You Really Need To?

Is it time to #deleteFacebook? Facebook’s long line of dramas has many of us rethinking our dependence on Mark Zuckerberg’s largest social media platform. While many of us were alarmed at the fake news allegations last year, the recent scandal with Cambridge Analytica has us genuinely spooked and now asking ourselves this question.

The fact that Facebook allowed British data analysis firm Cambridge Analytica to tap the Facebook profiles of more than 50 million users without their knowledge has many of us questioning both our – and our children’s – relationship with the social media platform. How compromised is our privacy? What’s really happening with our data? Is our every online move really being monitored?

The immediate reaction of many is to delete their Facebook accounts and insist their kids do the same. When news broke of the Cambridge Analytica scandal, the #deleteFacebook hashtag trended heavily on Twitter. Many high profile tech types deleted their personal and business Facebook accounts and, consequently, drove the Twittersphere into a frenzy.

To #DeleteFacebook Or Not To #DeleteFacebook?

But many of us can’t really afford to be idealists. Some of us run online businesses and rely heavily on Facebook. Others use Facebook for our jobs. Many of us (and our kids) use Facebook to run our social lives – organise events and parties, remember birthdays and stay in touch with friends and family across the world. And for nearly all of us, it is our digital scrapbook that preserves our important life events, shared moments and memories. In short, we would be lost without it.

While the black and white idealist in me absolutely agrees that we should delete Facebook, the realist in me acknowledges that life is often lived in the shades of grey. Facebook has spent more than a decade making itself a deeply entrenched part of our modern society. Saying farewell to this part of your life is a decision that I believe many of us would find almost impossible to make.

So, while deleting Facebook from your online life is the most drastic way of protecting your data, there are steps you can take to keep your account more secure and your personal information more private. Here are my top recommendations:

  1. Set up new logins for each app you are using.

    Setting up a new login and password for each app you’re using is a great way to protect yourself and your data online. Login may take fractionally longer but it will help ensure your data is not shared between different services.

  2. Review your third party apps – the ones you joined using Facebook.

    Facebook has made it just so easy for us to download apps using our Facebook settings that many of us have acquired quite the collection of apps. The problem is that Facebook provides these apps with our data including our name, location, email or even our friends list. So, review these apps, people! Not sure where to start? Go to Settings > Apps > Logged in with Facebook and remove anything that doesn’t absolutely need access to your Facebook profile. You will still have to contact the app developer to ensure they have deleted the data they already have gathered on you. Tedious but worth it!

  3. Don’t overshare on social media.

    Oversharing online gets many of us including our kids into trouble and allows cybercriminals and ‘data analysis types’ the ability to form an accurate picture of us very quickly! Being conscious of what is publicly available from your social media profiles is essential. Ensure every member of the family knows to NEVER share their telephone number, address or details of their school online. Also rethink whether you really want your relationship status made public, or the city of your birth.

  4. Cull your Friends list.

    The Cambridge Analytica scandal should provide us all with a reality check about how we manage online friends. In 2015, an app entitled ‘this is your digital life’ was developed by Cambridge Professor Dr Aleksandr Kogan and then downloaded by 270,000 users. Those who opted in allowed the app access to their information – including their friends – which then gave Kogan access to the data of over 50 million Facebook users. Facebook have reportedly since changed their terms of service and claim app developers can no longer access this detail, or at least, not at the same level of detail. So, go through your friend list and delete those you barely know or who were just passing acquaintances. Do you really want to share your personal or family updates with these people?

  5. Choose a different social media platform to connect to apps.

    If an app lets you choose which account you use to login, pick one which holds limited data about its users. Twitter could be a good choice as it tends to hold less personal information about you.

And while I salute those who are bold enough to #deleteFacebook and insist their kids do so, I know that it isn’t for me. I choose to stay. I’ll navigate my way around the risks and flaws, so I can enjoy the upside – belonging to my community, keeping my job and adding to my digital scrapbook.

Till next time,

Alex x

The post #DeleteFacebook: Do You Really Need To? appeared first on McAfee Blogs.

Weekly Cyber Risk Roundup: Orbitz Breach, Facebook Privacy Fallout

One of the biggest data breach announcements of the past week belonged to Orbitz, which said on Tuesday that as many as 880,000 customers may have had their payment card and other personal information compromised due to unauthorized access to a legacy Orbitz travel booking platform.

“Orbitz determined on March 1, 2018 that there was evidence suggesting that, between October 1, 2017 and December 22, 2017, an attacker may have accessed certain personal information, stored on this consumer and business partner platform, that was submitted for certain purchases made between January 1, 2016 and June 22, 2016 (for Orbitz platform customers) and between January 1, 2016 and December 22, 2017 (for certain partners’ customers),” the company said in a statement.

Information potentially compromised includes payment card information, names, dates of birth, addresses, phone numbers, email addresses, and gender.

As American Express noted in its statement about the breach, the affected Orbitz platform served as the underlying booking engine for many online travel websites, including Amextravel.com and travel booked through Amex Travel Representatives.

Expedia, which purchased Orbitz in 2015, did not say how many or which partner platforms were affected by the breach, USA Today reported. However, the company did say that the current Orbitz.com site was not affected.


Other trending cybercrime events from the week include:

  • State data breach notifications: Island Outdoor is notifying customers that payment card information may have been stolen due to the discovery of malware affecting several of its websites. Agemni is notifying customers about unauthorized charges after “a single authorized user of our software system used customer information to make improper charges for his personal benefit.” The Columbia Falls School District is notifying parents of a cyber-extortion threat involving their children’s personal information. Intuit is notifying TurboTax customers that their accounts may have been accessed by an actor leveraging previously leaked credentials. Taylor-Dunn Manufacturing Company is notifying customers that it discovered cryptocurrency mining malware on a server and that a file containing personal information of those registered for the Taylor-Dunn customer care or dealer center may have been accessed. Nampa School District is notifying a “limited number” of employees and Skamania Public Utility District is notifying customers that their personal information may have been compromised due to incidents involving unauthorized access to an employee email account.
  • Data exposed: A flaw in Telstra Health’s Argus software, which is used by more than 40,000 Australian health specialists, may have exposed the medical information of patients to hackers. Primary Healthcare is notifying patients of unauthorized access to four employee email accounts. More than 300,000 Pennsylvania school teachers may have had their personal information publicly released due to an employee error involving the Teacher Management Information System.
  • Notable ransomware attacks: The city of Atlanta said a ransomware attack disrupted internal and customer-facing applications, which made it difficult for citizens to pay bills and access court-related information. Atrium Hospitality is notifying 376 hotel guests that their personal information may have been compromised due to a ransomware infection at a workstation at the Holiday Inn Sacramento. Finger Lakes Health said it lost access to its computer system due to a ransomware infection.
  • Other notable events: Frost Bank said that malicious actors compromised a third-party lockbox software program and were able to access images of checks that were stored in the database. National Lottery users are being advised to change their passwords after 150 accounts were affected by a “low-level” hack. A lawsuit against Internet provider CenturyLink and AT&T-owned DirecTV alleges that customer data was available through basic Internet searches.

SurfWatch Labs collected data on many different companies tied to cybercrime over the past week. Some of the top trending targets are shown in the chart below.


Cyber Risk Trends From the Past Week

Facebook has faced a week of criticism, legal actions, and outcry from privacy advocates after it was revealed that the political consulting firm Cambridge Analytica had accessed the information of 50 million users and leveraged that information while working with the Donald Trump campaign in 2016.

“Cambridge Analytica obtained the data from a professor at the University of Cambridge who had collected the information by creating a personality-quiz app in 2013 that plugged into Facebook’s platform,” The Wall Street Journal reported. “Before a policy change in 2015, Facebook gave app creators and academics access to a treasure trove of data, ranging from which pages users liked to details about their friends.”

It isn’t clear how many other developers might have retained information harvested from Facebook before the 2015 policy change, The Journal reported. However, Mark Zuckerberg said the company may spend “many millions of dollars” auditing tens of thousands of data collecting apps in order to get a better handle on the situation.

The privacy breach has already led to regulatory scrutiny and potential lawsuits around the globe. Bloomberg reported that the FTC is probing whether data handling violated terms of a 2011 consent decree. In addition, Facebook said it would conduct staff-level briefings with six congressional committees in the coming week. Some lawmakers have called for Zuckerberg to testify as well, and Zuckerberg told media outlets that he would be willing to do so if asked.

Facebook’s stock price has dropped from $185 to $159 over the past eight days amid the controversy, and several companies have suspended their advertising on Facebook or deleted their Facebook pages altogether due to the public backlash.

Cyberbullying – How Parents Can Minimize Impact On Kids

Cyberbullying: if you have a tween or teen and haven’t workshopped this with your kids then you need to put a time in the diary now. Cyberbullying is one of the biggest challenges our children’s generation will face and unfortunately, it isn’t going away.

The recent tragic suicide of 14 year old Aussie girl Amy ‘Dolly’ Everett as a result of online bullying needs to be a wake-up call for parents. Many kids who are bullied online feel completely ashamed and publicly humiliated and can’t see a way past the embarrassment. They don’t have the skills to handle it and don’t know where to seek help. Yes, we are first-generation digital parents BUT we need to prioritise our children’s safety and well-being online. And sort this out FAST!

How Big An Issue Is Cyberbullying?


In its 2016-17 annual report, the Office of the e-Safety Commissioner reveals an increase of 60% in the reported cases of cyberbullying compared with the previous year. The report also shows that:

  • Aussie tweens/teens between the ages of 12 and 16 are the primary targets of cyberbullying
  • Girls made up 63% of the victims

And it isn’t just us parents that consider this to be a big issue – our teens are also concerned. A study of 5000 teens across eleven countries by Vodafone in 2015 showed that in fact over half the teens surveyed considered cyberbullying to be worse than face-to-face bullying, and that 43% believe it is a bigger problem for young people than drug abuse!

So, clearly we have a problem on our hands – and one that isn’t getting better over time.

Why Is Cyberbullying Occurring More Frequently?

Many parenting experts believe a lack of empathy to be a major factor in cyberbullying. In her book, Unselfie, US Parenting Expert Dr Michele Borba explains that we are in the midst of an ‘empathy crisis’ which is contributing to bullying behaviour. She believes teens today are far less empathetic than they were 30 years ago.

Giving children access to devices and social media before they have the emotional smarts to navigate the online world is another factor. You would be hard-pressed to find a child in Year 5 or 6 at a primary school in any Australian capital city who doesn’t have access to or own a smartphone. And once that phone has been given to your child, it’s impossible to supervise their every move. Within minutes they can join social media platforms (some creativity required on the age), enter chat rooms, and view highly disturbing images.

The younger the child, the less likely he or she is to have the emotional intelligence to either navigate tricky situations or make smart decisions online. Perhaps we should all take a lesson from Microsoft co-founder Bill Gates who made his kids wait till they were 14 until being given a phone?

How To Minimise The Risk Of Your Child Being Cyberbullied

There are no guarantees in life, but there are certain steps we can take to reduce the chance of our children being impacted by cyberbullying. Here are my top 5 suggestions:

  1. Communicate.
    Establishing a culture where honest, two-way communication is part of the family dynamic is one of the absolute best things you can do. Let your children know they can confide in you, that nothing is off-limits and that you won’t overreact. Then they will be more likely to open up to you about a problem before it becomes insurmountable.
  2. Understand Their World.
    With a deep understanding of your child’s world (their friends, their favourite activities, the movies they see) you’re better equipped to notice when things aren’t swimming along nicely. Establishing relationships with your child’s teachers or year group mentors is another way to keep your ear to the ground. When a child’s behaviour and activity level changes, it could be an indicator that all is not well. So some parental detective work may be required!
  3. Weave Cyber Safety Into Your Family Dialogue.
    We all talk about sun safety and road safety with our children from a young age. But we need to commit to doing the same about cyber safety. Teach your kids never to share passwords, never to give out identifying information of any kind online, never to respond to online trolls or bullies. Then they will definitely add a layer of armour to shield them from becoming a victim of cyberbullying.
  4. Limit Screen Time.
    I know it seems like an ongoing battle but limiting screen time for social media is essential. One of the easiest ways of doing this is by offering them attractive real-life options. Bike rides, beach visits and outings with friends and family are all good ways of redirecting their attention. And make sure their phone/tablet is out of easy reach at night. Yes, it is more effort but it is so worth it. Less time online = less risk!
  5. Teach Your Kids What To Do If They Are Cyberbullied.
    It is essential your kids know what to do if they are being cyberbullied. Blocking the bullying is critical, so take some time with your kids to understand the block features on the social networks they use. Collecting evidence is crucial, everything should be screen-shot – ensure your child knows how to do this. You can report the cyberbullying incident to the Office of the eSafety Commissioner who work to have offensive material removed and cyberbullying situations addressed. And why not check out the support offered by your child’s school? It’s important your kids know they have a number of trusted adults in their life they can get help from if things get tough.

So, let’s commit to doing what we can to protect our kids from cyberbullying. Your kids need to know that they can talk to you about anything that is bothering them online – even if it is tough or awkward. Dolly Everett’s final drawing, before she took her life, included the heart-rending caption ‘…speak even if your voice shakes.’ Please encourage your kids to do so.

Alex xx

The post Cyberbullying – How Parents Can Minimize Impact On Kids appeared first on McAfee Blogs.

Facebook Phishing Targeted iOS and Android Users from Germany, Sweden and Finland

Two weeks ago, a co-worker received a message in Facebook Messenger from his friend. Based on the message, it seemed that the sender was telling the recipient that he was part of a video in order to lure him into clicking it.

Facebook Messenger message and the corresponding Facebook Page

The shortened link initially redirected to Youtube.com, but was later changed to redirect to yet another shortened link – po.st:

Changes in the Picsee short link

The po.st shortened link supported two types of redirection links – original link and smart links. If the device that accessed the URL was running iOS or Android, it was redirected to the utm.io shortened link; otherwise it was redirected to smarturl.it.

The short link with the smart links

iOS and Android users were therefore served the following phishing page:

Phishing page for utm.io short link

For the rest of the devices, the users ended up with the smarturl.it link that went through several redirections which eventually led to contenidoviral.net. That page contained an ad-affiliate URL which redirected to mobusi.com, a mobile advertising company.

Phishing page’s ad-affiliate URL
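The device-dependent redirect described above is something a defender can look for in web-proxy logs. The following is an added example, not code from the original post: it rebuilds redirect chains from constructed log records, then flags chains that stack several shorteners and links whose target differs between mobile and other user agents. The record layout, the URL paths and the `.example` hosts are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Shortener hosts named in the write-up; extend with your own list.
SHORTENERS = {"lnk.pics", "pics.ee", "po.st", "utm.io", "smarturl.it"}

IPHONE = "Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X)"
DESKTOP = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"

# Constructed proxy records: (client, user_agent, url, status, location).
# Paths and the ".example" hosts are placeholders, not campaign values.
RECORDS = [
    ("10.0.0.5", IPHONE, "http://lnk.pics/AAAAA", 302, "http://po.st/BBBBBB"),
    ("10.0.0.5", IPHONE, "http://po.st/BBBBBB", 302, "http://utm.io/000000"),
    ("10.0.0.5", IPHONE, "http://utm.io/000000", 302, "http://video-login.example/fb"),
    ("10.0.0.5", IPHONE, "http://video-login.example/fb", 200, None),
    ("10.0.0.9", DESKTOP, "http://lnk.pics/AAAAA", 302, "http://po.st/BBBBBB"),
    ("10.0.0.9", DESKTOP, "http://po.st/BBBBBB", 302, "http://smarturl.it/cccccc"),
    ("10.0.0.9", DESKTOP, "http://smarturl.it/cccccc", 302, "http://contenidoviral.net/"),
    ("10.0.0.9", DESKTOP, "http://contenidoviral.net/", 302, "http://ads.example/offer"),
    ("10.0.0.9", DESKTOP, "http://ads.example/offer", 200, None),
    # Benign control: one shortener hop straight to a content site.
    ("10.0.0.7", DESKTOP, "http://po.st/DDDDDD", 301, "http://news.example/story"),
    ("10.0.0.7", DESKTOP, "http://news.example/story", 200, None),
]


def host(url):
    return (urlsplit(url).hostname or "").lower()


def device_class(user_agent):
    ua = user_agent.lower()
    return "mobile" if any(t in ua for t in ("iphone", "ipad", "android")) else "other"


def build_chains(records):
    """Follow Location headers per (client, user agent); return redirect chains."""
    edges = defaultdict(dict)    # session -> {url: location}
    reached = defaultdict(set)   # session -> urls that were a redirect target
    for client, ua, url, status, location in records:
        if 300 <= status < 400 and location:
            edges[(client, ua)][url] = location
            reached[(client, ua)].add(location)
    chains = []
    for session, hops in edges.items():
        for start in hops:
            if start in reached[session]:
                continue         # mid-chain URL, not an entry point
            chain, seen = [start], {start}
            while chain[-1] in hops and hops[chain[-1]] not in seen:
                chain.append(hops[chain[-1]])
                seen.add(chain[-1])   # guards against redirect loops
            chains.append((session, chain))
    return chains


def shortener_run(chain):
    """Longest run of consecutive hops that sit on a known shortener."""
    best = run = 0
    for url in chain:
        run = run + 1 if host(url) in SHORTENERS else 0
        best = max(best, run)
    return best


def cloaked_links(records):
    """URLs whose redirect target host differs between mobile and other clients."""
    seen = defaultdict(lambda: defaultdict(set))   # url -> class -> target hosts
    for _client, ua, url, status, location in records:
        if 300 <= status < 400 and location:
            seen[url][device_class(ua)].add(host(location))
    return sorted(url for url, by_class in seen.items()
                  if len(by_class) > 1 and by_class["mobile"] != by_class["other"])


def triage(records, min_run=2):
    """Report chains with stacked shorteners or a device-dependent hop."""
    cloaked = set(cloaked_links(records))
    findings = []
    for (client, ua), chain in build_chains(records):
        run = shortener_run(chain)
        if run >= min_run or cloaked & set(chain):
            findings.append({"client": client, "device": device_class(ua),
                             "shortener_hops": run,
                             "final_host": host(chain[-1]),
                             "cloaked": sorted(cloaked & set(chain))})
    return findings


if __name__ == "__main__":
    for finding in triage(RECORDS):
        print(finding)
```

The device-dependence check only fires once both device classes have requested the same link, so it works best over logs aggregated across many clients.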

Based on the data from the links, the campaign began last October 15th when it targeted mostly Swedish users. On the 17th, it moved to targeting Finnish users. Then from the 19th onwards, it mostly went after German users.

The total number of clicks for the entire campaign reached almost 200,000, where close to 80% of the visitors were from Germany, Sweden and Finland.

Statistics from po.st tracking page

The campaign ran for two weeks with a main motive of stealing Facebook credentials from iOS and Android users. The cybercriminals used those stolen credentials to spread the malicious links, and subsequently gather more credentials. However, while in the process of stealing the credentials, the cybercriminals also attempted to earn from other non-iOS and non-Android users through ad-fraud.

This practice of using email addresses in place of unique names as account credentials creates a big opportunity for phishers. Just by launching this Facebook phishing campaign, they can mass harvest email and password credentials that are later on used for secondary attacks such as gaining access to other systems or services that could have a bigger monetary value because of password reuse.

We highly recommend that affected users change their passwords as soon as possible, including on other systems and services where the same compromised password was used.


Twitter – Den of Iniquity or Paragon of Virtue… or Someplace in Between?




Recently there's been some coverage of Twitter's propensity for porn. Some research has shown that one in every thousand tweets contains something pornographic. With 8662 tweets purportedly sent every second, that's quite a lot.

Now, this is not something that has escaped our notice here at Smoothwall HQ. We like to help our customers keep the web clean and tidy for their users, and mostly that means free of porn. With Twitter that's particularly difficult. Their filtering isn't easy to enforce and, while we have had some reasonable results with a combination of search term filtering and stripping certain tweets based on content, it's still not optimal. Twitter does not enforce content marking and 140 characters is right on the cusp of being impossible to content filter.

That said - how porn riddled is Twitter? Is there really sex round every corner? Is that little blue bird a pervert? Well, what we've found is: it's all relative.

Twitter is certainly among the more gutter variety of social networks, with Tumblr giving it a decent run for boobs-per-square-inch, but the likes of Facebook are much cleaner — with even images of breastfeeding mothers causing some controversy.

Interestingly, however, our back-of-a-beermat research leads us to believe that about 40 in every 1000 websites is in some way linked to porn — these numbers come from checking a quarter of a million of the most popular sites through Smoothwall's web filter and seeing what gets tagged as porn. Meanwhile, the Huffington Post reports that 30% of all Internet traffic is porn - the biggest number thus far. However, given the tendency of porn toward video, I guess we shouldn't be shocked.

Twitter: hard to filter, relatively porn-rich social network which is only doing its best to mirror the makeup of the Internet at large. As a school network admin, I would have it blocked for sure: Twitter themselves used to suggest a minimum age of 13, though this requirement quietly went away in a recent update to their terms of service.

Facebook’s new terms, is the sky falling?

You have seen them if you are on Facebook, and perhaps even posted one yourself. I’m talking about the statements that aim to defuse Facebook’s new terms of service, which are claimed to take away copyright to stuff you post. In short, the virally spreading disclaimer is meaningless from a legal point of view and contains several fundamental errors. But I think it is very good that people are becoming aware of their intellectual property rights and that new terms may be a threat.

Terms of service? That stuff in legalese that most people just click away when starting to use a new service or app. What is it really about and could it be important? Let’s list some basic points about them.

  • The terms of service or EULA (End User License Agreement) is a legally binding agreement between the service provider and the user. It’s basically a contract. Users typically agree to the contract by clicking a button or simply by using the service.
  • These terms are dictated by the provider of the service and not negotiable. This is quite natural for services with a large number of users, as negotiating individual contracts would not be feasible.
  • Terms of service is a defensive tool for companies. One of their primary goals is to protect against lawsuits.
  • These terms are dictated by one party and almost never read by the other party. Needless to say, this may result in terms that are quite unfavorable for us users. This was demonstrated in London a while ago. No, we have not collected any children yet.
  • Another bad thing for us users is the lack of competition. There are many social networks, but only one Facebook. Opting out of the terms means quitting, and going to another service is not really an option if all your friends are on Facebook. Social media is by its nature monopolizing.
  • The upside is that terms of service can’t change the law. The legislation provides a framework of consumer and privacy protection that can’t be broken with an agreement. Unreasonable terms, like paying with your firstborn child, are moot.
  • But be aware that the law of your own country may not be applicable if the service is run from another country.
  • Also be aware that these terms only affect your relationship to the provider of the service. Intelligence performed by authorities is a totally different thing and may break privacy promises given by the company, especially for services located in the US.
  • The terms usually include a clause that grants the provider a license to do certain things with stuff the users upload. There’s a legitimate reason for this, as the provider needs to copy the data between servers and publish it in the agreed way. This Facebook debacle is really about the extent of these clauses.

Ok, so what about Facebook’s new terms of service? Facebook claims they want to clarify the terms and make them easier to understand, which really isn’t the full story. They have always been pretty intrusive regarding both privacy and intellectual property rights to your content, and the latest change is just one step on that path. Most of the recent stir is about people fearing that their photos etc. will be sold or utilized commercially in some other way. This is no doubt a valid concern with the new terms. Let’s first take a look at the importance of user content for Facebook. Many services, like newspapers, rely on user-provided content to an increasing extent. But Facebook is probably the ultimate example. All the content you see in Facebook is provided either by the users or by advertisers. None by Facebook itself. And their revenue is almost 8 billion US$ without creating any content themselves. Needless to say, the rights to use our content are important for them. What Facebook is doing now is ensuring that they have a solid legal base to build current and future business models on.

But another thing of paramount importance to Facebook is the users’ trust. This trust would be severely damaged if private photos start appearing in public advertisements. It would cause a significant change in people’s relationship with Facebook and decrease the volume of shared stuff, which is what Facebook lives on. This is why I am ready to believe Facebook when they promise to honor our privacy settings when utilizing user data.

Let’s debunk two myths that are spread in the disclaimer. Facebook is *not* taking away the copyright to your stuff. Copyright is like ownership. What they do, and have done previously too, is to create a license that grants them rights to do certain things with your stuff. But you still own your data. The other myth is that a statement posted by users would have some kind of legal significance. No, it doesn’t. The terms of service are designed to be approved by using the service; anyone can opt to stop using Facebook and thus not be bound by the terms anymore. But the viral statements are just one-sided declarations that are in conflict with the mutually agreed contract.

I’m not going to dig deeper into the changes as it would make this post long and boring. Instead I just link to an article with more info. But let’s share some numbers underlining why it is futile for ordinary mortals to even try to keep up with the terms. I browsed through Facebook’s set of terms just to find 10 different documents containing some kind of terms. And that’s just the stuff for ordinary users, I left out terms for advertisers, developers etc. Transferring the text from all these into MS Word gave 41 pages with a 10pt font, almost 18 000 words and about 108 000 characters. Quite a read! But the worst of all is that there’s no indication of which parts have changed. Anyone who still is surprised by the fact that users don’t read the terms?

So it’s obvious that ordinary users really can’t keep up with terms like this. The most feasible way to deal with Facebook’s terms of service is to consider these 3 strategies and pick the one that suits you best.

  1. Keep using Facebook and don’t worry about how they make money with your data.
  2. Keep using Facebook but be mindful about what you upload. Use other services for content that might be valuable, like good photos or very private info.
  3. Quit Facebook. That’s really the only way to decline their terms of service.

By the way, my strategy is number 2 in the above list, as I have explained in a previous post. That’s like ignoring the terms, expecting the worst possible treatment of your data and posting selectively with that in mind. One can always put valuable stuff on some other service and post a link in Facebook.

So posting the viral disclaimer is futile, but I disagree with those who say it’s bad and it shouldn’t be done. It lacks legal significance but is an excellent way to raise awareness. Part of the problem with unbalanced terms is that nobody cares about them. A higher level of awareness will make people think before posting, put some pressure on providers to make the terms more balanced, and make the legislators more active, thus improving the legal framework that controls these services. The legislation is by the way our most important defense line as it is created by a more neutral party. The legislator should, at least in theory, balance the companies’ and end users’ interests in a fair way.

 

Safe surfing,
Micke

 

Image: Screenshot from facebook.com