Read more of this story at Slashdot.
Read more of this story at Slashdot.
The first-day-of-school jitters nearly did me in as a kid. Our military family moved ten times, so I got used to the stomach aches and stares that came with every new school.
I can’t imagine making those big moves as a kid in today’s digital culture. The cliques are far more visible. The fails are far more public and weaknesses, far more exploited.
This digital layer of scrutiny and exposure sends my admiration and respect for kids today to heroic levels.
Tech and Anxiety
Reports of tech-related anxiety* and depression in kids on the rise, which can put a whole layer of angst on first-day jitters. And while there is no one-size-fits-all solution to ease that stress, helping your child manage his or her technology can help diminish it.
Tips to Help Ease Stress
1. Unplug more. Discuss the power and emotional pull of the smartphone and how it can escalate the stress of starting school. Remind kids that the edited, seemingly perfect version of life people post on social media doesn’t represent reality and that constant comparison can be harmful.
While we recommend families establish a phone curfew every night for health reasons, it’s especially crucial in the weeks leading up to the first day of school. Other simple ways to ease stress this school year: Turn off all push notifications during school hours and use parental control apps to help with time limits and safety.
2. Make time to talk. Ask your child what concerns him or her most about starting school. Then, just listen. Acknowledge your child’s fears and try to relate or find common ground. Let your child know that worry is normal, it can help protect us, and everyone experiences it from time to time. Some of the stresses they might share: Finding friends and fitting in, who they will sit with at lunchtime, having the right clothes or fashion sense, being able to find their classes, opening the combinations on their lockers, sports or music auditions, body image and appearance, school work challenges, and more.
3. Visualize the first day. Help your child map out his or her classes. Based on your child’s feedback, talk through possible awkward or stressful situations that might come up to help build his or her confidence and reduce worry. Often just getting a fear from your brain to your lips can strip power from fear. Brainstorm one-liners your kids might use to introduce themselves to new people or positive responses that might deflect a negative comment.
4. Practice the present. Anxiety* can be triggered when we live more of life in the future — imagining the what-ifs — than living in the right now. Who hasn’t imagined tripping in the lunchroom or falling down the stairs? A few simple tips: Teach kids to practice deep breathing, to challenge their negative thoughts, and to talk/think about life in the present tense.
5. Encourage. Without going over the top (because kids can smell inflated praise), remind your child of his or her strengths. Fear creates a wall that blocks our view of past accomplishments. Provide that recollection for your child. Give truthful reminders of your child’s strengths, talents, and unique qualities.
6. Help kids with balance on and offline. A new school year represents a clean slate. There’s no need to bring bad habits along. So make the changes you’ve always intended to make. Set time limits on technology and stick to them. Help your kids prioritize face-to-face time with peers. Know what’s going on in your child’s online life and make sure his or her digital community isn’t unraveling your parenting goals. Pay close attention to new friends and your child’s demeanor on a daily basis.
* It’s important to note that while the word “anxiety” is commonly used, the American Acadamy of Pediatrics says that 8% of kids are diagnosed with an anxiety disorder. If your child’s stress level becomes serious, please seek professional help.
The post Tech Talk: Ways to Help Your Child Conquer Back-To-School Fears appeared first on McAfee Blogs.
Read more of this story at Slashdot.
Read more of this story at Slashdot.
Read more of this story at Slashdot.
Read more of this story at Slashdot.
Spreading fake news through WhatsApp was never so easy before. According to the latest research from Check Point security firm, WhatsApp users are at the risk of getting their private chats and group conversations hacked and exploited. Researchers discovered a new wave of attacks that allow cybercriminals to penetrate your messages on WhatsApp. This penetration […]
This is a post from HackRead.com Read the original post: New WhatsApp flaws let attackers hack private/group chats to fake news
Facebook adds augmented reality (AR) games to its Messenger app
Facebook is known for copying Snapchat’s features for its social media platforms. And, the social media giant has done it yet again!!! Facebook in a blog post yesterday announced a new feature in Messenger app for its users that makes connecting with friends in video chat even more fun and competitive. Facebook has added augmented reality (AR) games in video chats of its Messenger app. This feature allows up to six people to play the AR games at a time via video chat.
“For the moments when we can’t be together IRL, Messenger video chat helps you connect in real-time with the people you care about most. Today we’re excited to make connecting with your friends in video chat even more fun – and competitive! – with multiplayer video chat AR games,” Facebook said in the announcement on Wednesday.
Currently, there are two AR games, ‘Don’t Smile’ and ‘Asteroid Attack’ that are available to play. These games test each player’s ability to steer a spaceship using their face.
“With this feature starting to roll out today, you can challenge your friends around the world to two games: see who can hold a serious face the longest with “Don’t Smile”, or see who can better navigate their spaceship with “Asteroids Attack”, the social media giant said.
Facebook also plans to roll out more games in the coming weeks and months. One of them is called Beach Bump, where players get to pass a beach ball back and forth, while another one is a matching cat game called Kitten Kraze.
If you wish to try out the new feature, ensure that your device is running the latest version of Messenger app. Open a new or existing video conversation or find the person or group of people you would like to chat with and tap the video icon on the upper right corner of the screen. Click the star button and select one of the AR games from the list. The app will then notify the person or group in the video chat that the game is starting.
Facebook’s new feature is very much like one of Messenger’s chief competitor, Snapchat’s Snappables – the lens-based games inside the Snapchat camera, that was launched in April this year. Snappables allows the user to use touch, motion, and facial expressions to compete for high scores or in literal head-to-head multiplayer match-ups. Some of the first Snappables previewed by Snapchat include an Asteroids-style space shooter, a weightlifting one you play by straining your forehead, a bubble gum popping contest, an egg-catching competition, a kiss-blowing game, and a dance party.
What do you think about Facebook’s new AR games feature in Messenger app? Do let us know in the comment sections below.
Naked Security - Sophos
- Facebook claimed to have removed accounts that display behavior consistent with possible Russian actors engaged in misinformation. (Source: The Wall Street Journal)
- Yale University disclosed that they were breached at least a decade ago. (Source: NBC – Connecticut)
- High school students, be on the lookout! If you receive email or snail mail from organizations with impressive-sounding names, consider that it may just be a carefully packaged marketing scheme. (Source: Sophos’s Naked Security Blog)
- A researcher from Amnesty International revealed that hackers have targeted them with malware from an Israeli vendor. (Source: Motherboard)
- Certain e-commerce providers in the UK were affected by a data breach and exposed potentially more than a million user data. (Source: Graham Cluley’s blog)
- A game on the Steam platform was found hijacking video game player machines to mine cryptocurrency. (Source: Motherboard)
- The Alaskan Borough of Matanuska-Susitna was infected with malware that disrupted normal activities so much that they had to dust off old typewriters to continue issuing receipts. (Source: Sophos’s Naked Security blog)
- While we’re on the subject of breaches, here’s another popular victim: Reddit. (Source: TechCrunch)
- Google joined Apple in banning mining apps on the Play Store. (Source: Coin Central)
- An independent security researcher from the UK spotted a DHL-themed spam carrying malware hidden in a GIF file. (Source: The SANS ISC InfoSec Forums)
Stay safe, everyone!
Read more of this story at Slashdot.
Naked Security - Sophos
Read more of this story at Slashdot.
We were in the midst of what I believed to be an important conversation.
“Just a sec mom,” she said promptly after a Snapchat notification popped up on her iPhone.
She stopped me mid-sentence, puckered her lips, rolled her eyes, typed a few lines of copy, and within three seconds, my teenage daughter Snapchatted a few dozen friends.
“Sorry, mom, what were you saying?” she turned back toward me her face void of any trace of remorse.
It was clear: Snapchat had far more influence than I, the parent, and it was time to make some serious changes.
Imbalance of Power
It’s obvious the power apps hold over our lives. In fact, in an attempt to encourage responsible app use, Facebook and Instagram recently announced it would implement tools allowing users to track how much time they spend on the apps. This mom is hoping Snapchat will follow suit.
Since its inception in 2011, Snapchat has become one of the most popular apps with an estimated 187 daily active users. A 2017 study released by Science Daily found that 75% of teens use Snapchat. But it’s not the only app winning our kids affections:
- 76 percent of American teens age 13-17 use Instagram.
- 75 percent of teens use Snapchat.
- 66 percent of teens use Facebook.
- 47 percent of teens use Twitter.
- Fewer than 30 percent of American teens use Tumblr, Twitch, or LinkedIn.
If you have a teen, you understand the dilemma. We know that social ties are essential to a teen’s psychological well-being. We also know that excessive time online can erode self-esteem and cause depression. We can’t just yank our child’s favorite app, but we also can’t let it run in the background of our lives 24/7, right?
What we can do is take some intentional steps to help kids understand their responsibility to use apps in healthy, resilient ways. In our house, taking that step meant addressing — and taming — the elephant in the room: Snapchat. Here are a few things that worked for us you may find helpful.
4 Steps to Help Curb Excessive Snapchatting
- Strive for quality relationships. With so much more information available on the downside of excessive social media use, it’s time to be candid with our kids. Excessive “liking,” carefully-curated photos, and disingenuous interactions online are not meaningful interactions. Stress to kids that nothing compares to genuine, face-to-face relationships with others.
- Zero phone zones. This is a rule we established after one too many snaps hijacked our family time. We agreed that when in the company of others — be it at home, in the car, in a restaurant, at church, at a relative’s house — all digital devices get turned facedown or put in a pocket. By doing this, we immediately increased opportunities for personal connection and decreased opportunities for distraction. This simple but proven strategy has cut my daughter’s Snapchat time considerably.
- Establish a Snapchat curfew. Given the opportunity, teens will Snapchat until the sun comes up. Don’t believe me? Ask them. If not for the body’s physical need for sleep, they’d happily Snapchat through the night. Consider a curfew for devices. This rule will immediately begin to wean your child’s need to Snapchat around the clock.
- Track Snapchat time. Investing in software such as McAfee® Safe Family is an option when trying to strike a healthy tech balance. The software will help with time limits, website filtering, and app blocking. There is also helpful time tracking apps. For the iPhone, there’s Moment, and for Android, there’s Breakfree. Both apps will track how much time you spend on your phone. Seeing this number — in hours — can be a real eye-opener for both adults and kids.Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).
The post Too Much Tech: 4 Steps to Get Your Child to Chill on Excessive Snapchatting appeared first on McAfee Blogs.
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Facebook’s chief security officer resigned as Facebook steps up its cybersecurity efforts. Also, Feds indicted three Ukrainians charged with stealing data on 15 million payment cards from more than 100 companies.
Read on to learn more.
Reddit recently announced that it suffered a security breach in June that exposed some of its internal systems to the attackers, although what was accessed was not particularly sensitive.
Virtualization vulnerabilities are seeing a huge surge this year as security researchers start to truly take the microscope to the full range of virtualization software.
Now that corporate activities are increasingly taking place outside of the office, technology that enables real-time communication and collaboration among office workers is absolutely essential.
Enterprises are increasingly adopting DevOps. In fact, 50 percent of surveyed organizations in 2017 were already implementing and expanding DevOps-related initiatives.
The Department of Homeland Security unveiled a National Risk Management Center, an effort to fight cyberthreats and protect U.S.’ infrastructure through cooperation between public and private sectors.
A new method of enhancing an ML system to counter evasion tactics is generating adversarial samples, which are input data modified to cause an ML system to incorrectly classify it.
Trend Micro has put together a handy two-part guide giving you the lowdown on phishing attacks—what they’re designed to do, what they look like, and how you can avoid getting caught by the hoax.
Phishing and its variants was the third most popular cybercrime type in 2017, representing nearly $30m in victim losses.
Facebook’s CSO, Alex Stamos, will exit the social network this month as Facebook steps up its efforts to combat misinformation and foreign interference in the November midterm elections.
Based on information from Trend Micro Smart Protection Network, we’ve identified three top trends within the threat landscape that hit a majority of enterprise victims during the first months of 2018.
U.S. law enforcement announced the arrests of three leading members of a prolific cybercrime group believed responsible for stealing data on 15 million payment cards from more than 100 companies.
Do you think Machine Learning could give businesses more control over their internet security? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Facebook and Feds appeared first on .
Facebook’s Chief Security Officer Alex Stamos has announced he will be leaving the company and he will shortly be taking
Facebook Chief Security Officer Alex Stamos has announced that he’s leaving the company on August 17 and will be joining Stanford University full-time as a teacher and researcher. “I have had the pleasure of lecturing at Stanford for several years, and now I will have the honor of guiding new generations of students as an Adjunct Professor at the Freeman-Spogli Institute for International Studies,” he said. “I will also continue my work understanding and preventing … More
The post Facebook CSO Alex Stamos leaves to join Stanford Uni appeared first on Help Net Security.
Read more of this story at Slashdot.
Facebook introduced an airplane reaction button but quickly deleted it too
If you are a regular Facebook user, you would have come across something strange this Tuesday morning on the social media platform. Besides the app’s standard post reactions—Like, Love, Haha, Wow, Sad, and Angry—some users also noticed an emoji reaction button to posts with a plane.
Soon after, users began to report that they were able to react to posts with a new airplane emoji. Apparently, the new plane emoji was only available on Facebook’s Android app and that too after clearing the app’s cache.
According to some users, the new emoji appeared only if they updated the Android app and flushed the cache in the app. Then they had to hold down the ‘like’ button in the comments section of a post, which would then show two angry face reaction icons. By clicking the second one, an airplane emoji would appear as your reaction instead. Also, everyone was able to see the reaction emoji, if someone else posted it.
— Matt Navarra (@MattNavarra) July 31, 2018
@facebook has released its previously hidden plane ?? reaction button for android's with an updated app and it’s confusing everyone! ??
— Kenu (@kenureid) August 1, 2018
It seems that the plane appears to have been designed as part of hackathon event at Facebook’s headquarters. The plane emoji was a bug and not an actual feature, Facebook said.
“This was created as part of an employee hackathon and wasn’t cleared for takeoff,” said a Facebook representative. “Our apologies.”
While Facebook has removed the plane reaction and we may never come across it unless it is officially revealed by the social media giant, it did disclose its most popular reactions back in 2017.
According to Facebook, over half of the reactions people used that year was that of the heart emoji, which was also the most used emoji on Christmas Day 2016.
The World Emoji Day 2018 that was celebrated on July 17, saw the heart emoji used twice as much as in 2017, Facebook said.
The post Facebook accidentally releases airplane reaction emoji appeared first on TechWorm.
Read more of this story at Slashdot.
Facebook removed 32 Facebook and Instagram accounts and pages that were involved in a coordinated operation aimed at influencing the midterm US elections
Facebook has removed 32 Facebook and Instagram accounts and pages that were involved in a coordinated operation aimed at influencing the forthcoming midterm US elections.
Facebook is shutting down content and accounts “engaged in coordinated inauthentic behavior”
At the time there is no evidence that confirms the involvement of Russia, but intelligence experts suspect that Russian APT groups were behind the operation.
Facebook founder Mark Zuckerberg announced its response to the recently disclosed abuses.
“One of my top priorities for 2018 is to prevent misuse of Facebook,” Zuckerberg said on his own Facebook page.
“We build services to bring people closer together and I want to ensure we’re doing everything we can to prevent anyone from misusing them to drive us apart.”
According to Facebook, “some of the activity is consistent” with Tactics, Techniques and Procedures (TTPs) associated with the Internet Research Agency that is known as the Russian troll farm that was behind the misinformation campaign aimed at the 2016 Presidential election.
“But we don’t believe the evidence is strong enough at this time to make public attribution to the IRA,” Facebook chief security officer Alex Stamps explained to the reporters.
Facebook revealed that some 290,000 users followed at least one of the blocked pages.
“Resisters” enlisted support from real followers for an August protest in Washington against the far-right “Unite the Right” group.
According to Facebook, fake pages that were created more than a year ago, in some cases the pages were used to promote real-world events, two of them have taken place.
Just after the announcement, the US Government remarked it will not tolerate any interference from foreign states.
“The president has made it clear that his administration will not tolerate foreign interference into our electoral process from any nation-state or other malicious actors,” deputy press secretary Hogan Gidley told reporters.
The investigation is still ongoing, but the social media giant decided to disclose early findings to shut down the orchestrated misinformation campaign.
Nathaniel Gleicher, Head of Cybersecurity Policy at Facebook, explained that the threat actors used VPNs and internet phone services to protect their anonymity.
- “In total, more than 290,000 accounts followed at least one of these Pages, the earliest of which was created in March 2017. The latest was created in May 2018.
- The most followed Facebook Pages were “Aztlan Warriors,” “Black Elevation,” “Mindful Being,” and “Resisters.” The remaining Pages had between zero and ten followers, and the Instagram accounts had zero followers.
- There were more than 9,500 organic posts created by these accounts on Facebook and one piece of content on Instagram.
- They ran about 150 ads for approximately $11,000 on Facebook and Instagram, paid for in US and Canadian dollars. The first ad was created in April 2017, and the last was created in June 2018.
- The Pages created about 30 events since May 2017. About half had fewer than 100 accounts interested in attending. The largest had approximately 4,700 accounts interested in attending, and 1,400 users said that they would attend.” said Gleicher.
Facebook announced it would start notifying users that were following the blocked account and users who said would attend events created by one of the suspended accounts and pages
Facebook reported its findings to US law enforcement agencies, Congress, and other tech companies.
“Today’s disclosure is further evidence that the Kremlin continues to exploit platforms like Facebook to sow division and spread disinformation, and I am glad that Facebook is taking some steps to pinpoint and address this activity,” declared the Senate Intelligence Committee’s top Democrat Mark Warner.
(Security Affairs – Facebook, midterm US elections)
The post Facebook reported and blocked attempts to influence campaign ahead of midterms US elections appeared first on Security Affairs.
Read more of this story at Slashdot.
Read more of this story at Slashdot.
Read more of this story at Slashdot.
Friday’s sudden negative shift continued to define trading so far today, with the weakness in the Nasdaq and especially the market-leading tech giants is driving returns. The major US indices opened with losses, with the Dow and the S&P 500 clearly outperforming the tech benchmark, reversing the relationship that dominated the market for months. Nasdaq […]
The post Nasdaq Leads Stocks Lower as Dollar Retreats Before Central Bank Bonanza appeared first on Hacked: Hacking Finance.
These days, it’s not a matter of if your password will be breached but when. Major websites experience massive data breaches at an alarming rate. Have I Been Pwned currently has records from 295 sites comprising 5.3 billion accounts. This includes well-known names like LinkedIn, Adobe, and MySpace. Password breaches are a cause for embarrassment; […]… Read More
The post Save the Embarrassment: The Value of Two-Factor Authentication appeared first on The State of Security.
Read more of this story at Slashdot.
Read more of this story at Slashdot.
The summer months can be tough on kids. There’s more time during the day and much of that extra time gets spent online scrolling, surfing, liking, and snap chatting with peers. Unfortunately, with more time, comes more opportunity for interactions between peers to become strained even to the point of bullying.
Can parents stop their kids from being cyberbullying completely? Not likely. However, if our sensors are up, we may be able to help our kids minimize both conflicts online and instances of cyberbullying should they arise.
Summer can be a time when a child’s more prone to feelings of exclusion and depression relative to the amount of time he or she spends online. Watching friends take trips together, go to parties, hang out at the pool, can be a lot on a child’s emotions. As much as you can, try to stay aware of your child’s demeanor and attitude over the summer months. If you need help balancing their online time, you’ve come to the right place.
Steer Clear of Summer Cyberbullies
- Avoid risky apps. Apps like ask.fm that allow outsiders to ask a user any question anonymously should be off limits to kids. Kik Messenger and Yik Yak are also risky apps. Users have a degree of anonymity with these kinds of apps because they have usernames instead of real names and they can easily connect with profiles that could be (and often are) fake. Officials have linked all of these apps to multiple cyberbullying and even suicide cases.
- Monitor gaming communities. Gaming time can skyrocket during the summer and in a competitive environment, so can cyberbullying. Listen in on the tone of the conversations, the language, and keep tabs on your child’s demeanor. For your child’s physical and emotional health, make every effort to help him or her balance summer gaming time.
- Make profiles and photos private. By refusing to use privacy settings (and some kids do resist), a child’s profile is open to anyone and everyone, which increases the chances of being bullied or personal photos being downloaded and manipulated. Require kids under 18 to make all social profiles private. By doing this, you limit online circles to known friends and reduces the possibility of cyberbullying.
- Don’t ask peers for a “rank” or a “like.” The online culture for teens is very different than that of adults. Kids will be straightforward in asking people to “like” or “rank” a photo of them and attach the hashtag #TBH (to be honest) in hopes of affirmation. Talk to your kids about the risk in doing this and the negative comments that may follow. Remind them often of how much they mean to you and the people who truly know them and love them.
- Balance = health. Summer means getting intentional about balance with devices. Stepping away from devices for a set time can help that goal. Establish ground rules for the summer months, which might include additional monitoring and a device curfew.
Know the signs of cyberbullying. And, if your child is being bullied, remember these things:
1) Never tell a child to ignore the bullying. 2) Never blame a child for being bullied. Even if he or she made poor decisions or aggravated the bullying, no one ever deserves to be bullied. 3) As angry as you may be that someone is bullying your child, do not encourage your child to physically fight back. 4) If you can identify the bully, consider talking with the child’s parents.
Technology has catapulted parents into arenas — like cyberbullying — few of us could have anticipated. So, the challenge remains: Stay informed and keep talking to your kids, parents, because they need you more than ever as their digital landscape evolves.
The post Family Matters: How to Help Kids Avoid Cyberbullies this Summer appeared first on McAfee Blogs.
Read more of this story at Slashdot.
Read more of this story at Slashdot.
Facebook’s Watch Party Lets Users Stream Videos With Friends
Facebook has launched a new feature called ‘Watch Party’ to all Facebook Groups around the globe and will be available across mobile and desktop platform. This new feature allows members of the Facebook groups to join in and watch videos on the social network platform together in real time, and comment.
Facebook had been testing the ‘Watch Party’ feature for almost six months now and the company has plans to release the feature sometime in the future, which could see it compete against Google’s YouTube in the video streaming sector.
“Watch Party is a new way for people to watch videos on Facebook together in real time. Once a Watch Party is started, participants can watch videos, live or recorded, and interact with one another around them in the same moment. We’ve been focused on building new ways to bring people together around video, create connections, and ignite conversations; Watch Party is the next step in bringing this vision to life,” Erin Connolly, Product Manager at Facebook, said in a blog post.
Facebook says Watch Parties are great for both small groups of friends and family members, as well as large organizations hosting Q&A sessions and more.
Watch Party will not be limited to Facebook groups alone, Facebook revealed. The company is now planning to roll out the feature for Pages, which normally refer to profiles of public figures and other organizations.
“We are now starting to test the ability for people to start to Watch Parties with friends outside of groups, too, and we’ll explore Watch Parties for Pages in the future,” Connolly said.
“We believe that if people can start a Watch Party directly from their profile or from a video they’re watching, the experience of watching video on Facebook can become even more fun and social,” Connolly added.
Based on the feedback collected from Facebook groups, the social media giant has added the following two new features on the global launch, which were not included during the test phase:
Co-hosting – This feature allows the host of a Watch Party designate other co-hosts who can add videos and keep the party going.
Crowdsourcing – This feature lets anyone in a Watch Party suggest videos for the host to add to the Watch Party.
Check out the demo below to know how to start a Watch Party on Facebook.
Further, Facebook has lined up a selection of Watch Parties to celebrate its launch. To check the latest Weekend of Watch Party happenings, click here.
The post Facebook launches ‘Watch Party’ to all groups around the world appeared first on TechWorm.
Naked Security - Sophos
Stocks markets had a volatile session with a blowout finish, especially in the US today, with the major indices finishing with substantial gains, taking out important resistance levels in the process. The US-EU trade talks were in the center of attention, while quarterly earnings also continued to make waves across the globe. DOW 30, 4-Hour […]
The post Facebook Crashes After-Hours Despite Trade-Deal Rally appeared first on Hacked: Hacking Finance.
Read more of this story at Slashdot.
In this week’s podcast: a report out last week from The Institute for the Future makes clear that state sponsored trolling has gone global and is now a go-to tool for repressive regimes worldwide, constituting a new form of human rights abuse. Ben Nimmo of The Atlantic Council joins us to discuss. Also: ransomware is one of the most...
Google, Microsoft, Facebook and Twitter have collaborated and announced Data Transfer Project (DTP) a program that will create an open-source
Third-Third party services also need to be security assured, as seen with the Typeform compromise. Typeform is a data collection company, on 27th June, hackers gained unauthorised access to one of its servers and accessed customer data. According to their official notification, Typeform said the hackers may have accessed the data held on a partial backup, and that they had fixed a security vulnerability to prevent reoccurrence. Typeform has not provided any details of the number of records compromised, but one of their customers, Monzo, said on its official blog that is was in the region of 20,000. Interestingly Monzo also declared ending their relationship with Typeform unless it wins their trust back. Travelodge one UK company known to be impacted by the Typeform breach and has warned its impacted customers. Typeform is used to manage Travelodge’s customer surveys and competitions.
Other companies known to be impacted by the Typeform breach include:
- 80,000 hours (a career advice provider) – 8,300 customers, names, emails, mobile
- Revolut11,000 customers, ICO is known to be informed
- Fortnum and Mason (Food retailer) -23,000 customers
- UK Liberal Democrat Party
- Airtasker (Australian job marketplace)
- Tasmanian Electoral Commission
- Baker Delight
- German SPCAF & Rencore
Facebook-Cambridge Analytica data scandal
Facebook reveals its data-sharing VIPs
Cambridge Analytica boss spars with MPs
A UK government report criticised the security of Huawei products, concluded the government had "only limited assurance" Huawei kit posed no threat toUK national security. I remember being concerned many years ago when I heard BT had ditched US Cisco routers for Huawei routers to save money, not much was said about the national security aspect at the time. The UK gov report was written by the Huawei Cyber Security Evaluation Centre (HCSEC), which was set up in 2010 in response to concerns that BT and other UK companies reliance on the Chinese manufacturer's devices, by the way, that body is overseen by GCHQ.
Banking hacking group "MoneyTaker" has struck again, this time stealing a reported £700,000 from a Russia bank according to Group-IB. The group is thought to be behind several other hacking raids against UK, US, and Russian companies. The gang compromise a router which gave them access to the bank's internal network, from that entry point, they were able to find the specific system used to authorise cash transfers and then set up the bogus transfers to cash out £700K.
- NHS Data Breach affects 150,000 Patients due to Third-Party Supplier Coding Error
- Names and flight details exposed in Thomas Cook Customer Data Breach
- Hackers net almost $1m in Russian Bank Raid
- Hacker found selling info on top-secret MQ-9 Reaper UAV on the Dark Web
- Ex-Apple Engineer on Route to China Arrested for stealing secret info on Autonomous Car Project
- Telefonica Breach leaves Data on Millions Exposed
- Facebook fined £500,000 by the ICO for Cambridge Analytica Data Breach
- Several Companies Customer Data compromised by Hacked Third Party Supplier Typeform
- UK Gov Criticises the Security of Huawei Products
- Flaws in Health and Fitness Wearables help Hackers poach Personal Data of Users
- Singapore Personal Data Hack hits 1.5m, Health Authority says
- Banking Trojans Rocket & Cryptomining here to stay
- BAE Systems launches ‘The Intelligence Network’
- Two New Spectre Vulnerability Variants Emerge
- New and Improved Magniber Ransomware within Asia
- Russia leads the Nation-state Attacks against Business according to a Report by Carbon Black
- Financial Times Special Report on Cyber Security
- Banking Trojans rocket, while cryptomining is here to Stay according to the Check Point Global Threat Index
- The share of Cryptomining attacks grew from 7% to 32% of all Attacks in just Six months
Read more of this story at Slashdot.
Read more of this story at Slashdot.
Read more of this story at Slashdot.
The number one brand spoofed by phishers in Q2 2018 in North America was Microsoft, says email security company Vade Security. The company credits the surging of adoption of Microsoft Office 365 for this unfortunate statistic. “It’s clear that Office 365 has become the number one target for corporate phishing attacks,” the company explained. “The reason is that it’s highly profitable to compromise an Office 365 account. Hackers see email-based attacks as an easy entry … More
The post Microsoft tops list of brands impersonated by phishers appeared first on Help Net Security.
Facebook has denied allegations by a by a U.K. news outlet that it gave preferential treatment to some pages that promote hate speech because of financial interest, saying that creating a safe environment for its users remains a top priority. The social media giant Tuesday defended itself against a TV report on Channel 4 in the United Kingdom...
Last week, we talked about domestic abuse fuelled by IoT, doing threat intel programs right, blocking ICO fraud, and man-in-the-middle attacks. We also explained why we block shady ad blockers and provided tips to online shoppers for Prime Day.
- Reports revealed that low-end Android devices sold in Egypt, Brazil, South Africa, Myanmar, and other developing markets contain pre-installed malware. (Source: Help Net Security)
- The breach in Ticketmaster was found to be part of a larger card fraud campaign. (Source: Dark Reading)
- Significant increases in Microsoft and virtualization software bugs seen. (Source: CSO Online)
- Two new Spectre-style CPU attacks uncovered by researchers. (Source: ZDNet)
- Sextortion is in the news once again, and scammers behind it get the attention of their targets by revealing old passwords tied to their account. (Source: KrebsOnSecurity)
- Almost half of organizations worldwide were hit by crypto mining attacks, report says. (Source: Help Net Security)
- Researchers from the Oxford Internet Institute revealed that Internet filters rarely keep adolescent kids away from adult entertainment material. (Source: TechCrunch)
- A Chrome extension allowed marketers to access sensitive data of Facebook users in closed groups. (Source: Computing)
- A mobile malware campaign in India was found to use an open-source mobile device management (MDM) system to take over devices. (Source: Talos Intelligence)
- The importance of multi-factor authentication highlighted in recent breaches concerning Timehop and Macy’s. (Source: Dark Reading)
Stay safe, everyone!
Read more of this story at Slashdot.
In the weeks leading up to the deadline for GDPR’s obligatory implementation, complaints to the leading data protection agencies in Europe about breaches of the new regulation piled up;and it hasn’t taken long for the reactions, and of course, the sanctions, to appear. Facebook, which has been under scrutiny for months now, has received the first large sanction for not following the data processing standards found in the legislation.
And the fact is that two months after the GDPR came into force, data protection is still causing real headaches in many companies, both in Europe and further afield. Not only have we seen cases of intentional theft of data, but we’ve also seen cases where data has been lost due to internal cybersecurity carelessness.
And now we know the consequences of one of the cases of personal data abuse that has generated most interest among the public in the last few months: Facebook and Cambridge Analytica. A controversy that affected over 87 million users whose personal information was collected by the consulting firm without their express consent, and then sold to third parties, who supposedly used it to benefit Donald Trump’s presidential campaign.
Now, the Information Commissioner’s Office (ICO) in the UK has given Facebook a fine, the first the social network has received in relation to this scandal. The £500,000 (€564,951.15) fine is the maximum stipulated by the country’s data protection laws. This amount is probably not enough to make a dent in Facebook’s finances: the company is able to earn the same amount every five and a half minutes.
The IOC ruled that Facebook failed to safeguard its users’ data, and that it failed to be transparent with how it used this data or the interests that lay behind this abuse. The IOC will also bring criminal action against SCL Elections, Cambridge Analytica’s parent company.
So what has been the outcome of all this? The social network must pay the fine, although it is undoubtedly a minimal fine in comparison with the magnitude of the scandal. It’s worth remembering that the GDPR can impose fines of up to 4% of a company’s annual turnover. This means that, had this been a sentence within the framework of the European Union, Facebook could have faced a fine of €1,581,863,215, significantly higher than the one imposed by the UK.
This is not an isolated case
While the Facebook controversy is making headlines, there are many other cases of abuse of data that have come to light in the last few months.
In September 2017, Equifax was implicated in one of the largest data breaches in history, when personal data of over 142 million people was leaked. If we suppose that the company would have received the highest sanction possible under GDPR, Equifax would have faced the astronomical fine of 124 million dollars.
An even bigger case in terms of the amount of data affected was Exactis, a US marketing company. At the end of June, a database with 340 million individual records containing personal data was left exposed on the Internet without authentication. This means that anyone could have accessed the database and its content.
Timehop was involved in another significant breach that exposed the data of 21 million users on July 4. The hacker that stole the data was able to gain access thanks to a cloud storage account that didn’t use multi-factor authentication. The company has stated that it contacted data protection officials shortly after the discovery of the breach.
It is clear that the economic sanctions that the GDPR entails are no trifling matter, and that, despite the increased interest in the subject of data protection, the problems surrounding the handling of personal information (PII) aren’t going to go away overnight. But…
How can you avoid getting on the wrong side of GDPR?
If you’re worried about your company’s IT security, you’ll be interested to find out about Panda Adaptive Defense, the advanced cybersecurity suite that incorporates Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) solutions with 100% Attestation and Threat Hunting & Investigation services. The combination of these solutions and services provides a detailed overview of all activities on every endpoint, total control of running processes, and reduction of the attack surface.
Panda Adaptive Defense has modules created specifically to stop access, modification and exfiltration of both internal and external information. Because Panda Data Control is able to discover, audit and monitor unstructured personal data on endpoints: from data at rest, to data in use and data in motion.
It stops uncontrolled access to your company’s sensitive data and helps you to company with the new data protection rules found in the GDPR.
Facebook has been fined £500,000 ($664,000) in the U.K. for its conduct in the Cambridge Analytica privacy scandal.
Facebook has been fined £500,000 in the U.K., the maximum fine allowed by the UK’s Data Protection Act 1998, for failing to protect users’ personal information.
Political consultancy firm Cambridge Analytica improperly collected data of 87 million Facebook users and misused it.
“Today’s progress report gives details of some of the organisations and individuals under investigation, as well as enforcement actions so far.
This includes the ICO’s intention to fine Facebook a maximum £500,000 for two breaches of the Data Protection Act 1998.” reads the announcement published by the UK Information Commissioner’s Office.
“Facebook, with Cambridge Analytica, has been the focus of the investigation since February when evidence emerged that an app had been used to harvest the data of 50 million Facebook users across the world. This is now estimated at 87 million.
The ICO’s investigation concluded that Facebook contravened the law by failing to safeguard people’s information. It also found that the company failed to be transparent about how people’s data was harvested by others.”
This is the first possible financial punishment that Facebook is facing for the Cambridge Analytica scandal.
“A significant finding of the ICO investigation is the conclusion that Facebook has not been sufficiently transparent to enable users to understand how and why they might be targeted by a political party or campaign,” reads ICO’s report.
Obviously, the financial penalty is negligible compared to the gains of the giant of social networks, but it is a strong message to all the company that must properly manage users’ personal information in compliance with the new General Data Protection Regulation (GDPR).
What would have happened if the regulation had already been in force at the time of disclosure?
According to the GDPR, the penalties allowed under the new privacy regulation are much greater, fines could reach up to 4% of the global turnover, that in case of Facebook are estimated at $1.9 billion.
“Facebook has failed to provide the kind of protections they are required to under the Data Protection Act.” Elizabeth Denham, the UK’s Information Commissioner said. “People cannot have control over their own data if they don’t know or understand how it is being used. That’s why greater and genuine transparency about the use of data analytics is vital.”
Facebook still has a chance to respond to the ICO’s Notice of Intent before a final decision on the fine is made.
“In line with our approach, we have served Facebook with a Notice setting
out the detail of our areas of concern and invited their representations on
these and any action we propose. ” concludes the ICO update on the investigation published today by Information Commissioner Elizabeth Denham.
“Their representations are due later this month, and we have taken no final view on the merits of the case at this time. We will consider carefully any representations Facebook may wish to make before finalising our views,”
The post Facebook faces £500,000 fine in the U.K. over Cambridge Analytica scandal appeared first on Security Affairs.
The Information Commissioner’s Office (ICO) announced its plan to fine Facebook £500,000 over the Cambridge Analytica data scandal. On 10 July, the ICO published a progress report on its investigation into the Cambridge Analytica incident. The report, entitled “Investigation into the use of data analytics in political campaigns,” explained that the ICO had sent a […]… Read More
The post Facebook Fined £500,000 by ICO for Cambridge Analytica Data Scandal appeared first on The State of Security.
Doctor Who’s TARDIS has sprung a data leak, Facebook’s creepy patents are unmasked, and an app to keep women safe on dates has surprising origins.
All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
We’ve all seen sketchy looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types of scams, however, phishing scam messages are designed to be deceiving. They use methods that appear valid or of some urgent matter, encouraging its victim to hand over their data.
Phishing attempts happen in many ways, such as:
- deceptive email campaigns,
- suspicious SMS alerts (called smishing),
- fake websites designed to look and sound authentic, and more.
Kids love their apps but in their excitement to download the new ones, app safety often falls straight off their radar. One of those new, fun, not-so-safe apps is Mappen.
Kids, pre-teens specifically, are jumping on Mappen to connect with friends nearby and, as the app’s tagline encourages, “Make Things Happen.” The location-based app allows friends to see each other’s location, what they are doing, and make it easy to meet up. Sounds like fun except for the fact that the app is brimming with potential security flaws.
How It Works
Anyone who downloads the Mappen app can send a friend request to anyone else and begin sharing his or her location (and data) immediately. While on Mappen, friends can share updates and photos much like any other social network. Personal data that can be shared: names, birthdates, location, likes, dislikes, photos, and friend lists.
Once a user installs the app (icon, right), he or she is asked to turn on location services that must remain on to share location, see others, and post content updates. The app also asks to access a user’s full contact list before it can be used.
Likewise, the location requirement to use the app poses a safety risk. This feature means anyone on your child’s friend list can see your child’s location at any time. As your child’s Mappen circle grows, so too might the chance of your child sharing his or her location and personal information with an unsafe “friend.”
Tips to Help Boost App Safety
Stay connected with your kids. The greatest risk to your child’s online safety is a strained relationship. Every family dynamic and circumstance varies, but consider doing all you can to make your relationship with your child a priority. When communication and trust are strong with your child, you will better know what’s going on in his or her life, whom their friends are, and if there’s a situation in which they might need help.
Monitor apps! The best way to know which apps your kids use and how they use them is to routinely monitor their phones. How do you do this? You do this physically and with technology. About once a week, look at your child’s phone and laptop or tablet (preferably with your son or daughter next to you), look at the display screen, examine the app icons, and ask questions. If you don’t recognize an app, click it open, or ask questions. Also, if there’s an app icon you click that asks for a password, it may be a vault app that requires a few more clicks or a conversation. Another way to monitor apps is using technology such as filtering software that will help you filter and track the content that comes into your home via your child’s devices.
Do your research, stay aware. Stay on top of trends in apps by reading this and other technology or family blogs. New apps come out all the time, and word-of-mouth among teens quickly spreads. One of the best ways to keep your kids safe online is to understand where they connect online and what risks those digital spaces may present. Potential risks to be aware of that some apps may carry potential privacy infringements, cyberbullying, pornography, phishing scams, malware, predators, and sex-related crimes.
Turn off location. Mappen, as well as other apps such as Facebook, Kik, and Snapchat, access a user’s location while using the app and even when the app is not in use. To ensure your location isn’t shared randomly, turn off location when apps are not in use. Depending on the age of your child, you may consider not allowing the use of location-based apps at all.
Say NO to random friend requests. It’s easy for criminals to create a fake profile and gain access into your child’s life. An attractive peer from a nearby town who wants to “connect” may be a catfish using another person’s identity or a predator looking to groom a vulnerable tween or teen.
Guard your child’s privacy. When your child shares personal information through an unsafe app, it opens up them up, and it opens up your entire family to risk. Often kids get comfortable online and forget — or don’t fully understand — the problem with sharing personal details. Review the importance of keeping details such as full name, school, birthdates, address, personal photos, and other family information private.
The post What Parents Need to Know About the Popular App Mappen appeared first on McAfee Blogs.
With summer comes permission to relax a little more, sun a little more, and fun a little more. But, as Newton’s Third Law reminds us, for every action, there is an equal and opposite reaction. Apply that principle to online safety and it might read like this: Each time you relax your family’s digital security a little, there’s a hacker nearby who will step up his or her schemes accordingly.
Now is a great time to pump up those passwords to make sure your summer playlist streams seamlessly and summer goes off without a hitch. (Note: If you feel confident in your password strength, type your email address into the site ;– Have I been pwned? to see if your passwords have been compromised).
5 Tips to Pump Up Your Password Strength
- Think strength. It’s never too late to put serious thought into creating strong passwords. Begin today. Visualize your password as a superhero. Because of their strength, superheroes like Hulk, Thor, or Optimus Prime can handily protect the world. Strip them of their strength, and each warrior becomes an average Joe vulnerable to the elements of evil. Strength is inherent to password power. Infuse your password with superhero strength by including numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be for a crook to crack (it’s okay to add a personal touch to your password). A few examples of a secure password might be: myDogisCr@yCr@y!!, Ilov3Gummi3B3ars!! or $oundOfMu$ic_1965.
- Get a password manager. If you are driving yourself crazy trying to wrangle a million passwords, a password manager will do the remembering for you. A powerful password manager will: Generate random passwords that are difficult to guess, require Multi-Factor Authentication (MFA), auto-save and securely enter your passwords on frequented sites.
- Use unique passwords and MFA. If taken seriously, these two extra steps could save you a million headaches. 1) Use unique passwords for each of your accounts. By using different passwords, you avoid having all of your accounts become vulnerable if you are hacked (think domino effect). 2) MFA is Multi-Factor Authentication (also called two-step verification or authentication ). MFA confirms a user’s identityonly after presenting two or more pieces of evidence. Though not 100% secure, this practice adds a layer of security to an account.
- Pay attention and take action. It might be summer, but if you snooze, you will lose — privacy in this case. Be sure to pay attention to the news and know if a data breach affects your family. According to the Identity Theft Resource Center® (ITRC), the number of U.S. data breach incidents in2017 hit a new record high, rising a drastic 44.7 percent over 2016. Popular sites such as Facebook, Netflix, and Twitter have experienced breaches might easily have affected you or a member of your family.
- Connect carefully. So you’ve done everything you can to create strong passwords and that’s awesome! What you can’t control is how others protect your account data, which often includes passwords. Make sure that websites, platforms, and companies that have access to your sensitive information take security seriously and have privacy and security plans in place. Google the company before you establish an account to see if it has had a data breach.
What are the potential consequences of a weak password? A determined hacker can track a person’s online activity, identify and hack weak passwords then use those weak passwords to access banking information, credit card numbers, and personal data used to steal a person’s identity. Remember: Just as you go to work each morning to put food on the table for your family, a hacker has similar goals. So, work with equal diligence to protect what’s yours.
The post Summer Refresh: Take Time to Relax but Not on Password Security appeared first on McAfee Blogs.
Summer has officially rolled out its welcome mat. But as most parents might be thinking about slowing down, for most kids, summer is when digital device use goes into overdrive. That’s why June — which also happens to be Internet Safety Month — is a perfect time strengthen your family’s digital readiness.
Good news: This digital safety skills booster is quick and actionable. And who knows — if a few of these tips boost your family’s safety, you may have just saved summer for everyone!
4 Ways to Boost Family Safety Online
Practice safe social. Challenge your family to reign in its social footprint by taking these specific actions: 1) Adjust privacy settings on all social networks. 2) Trim friend and follower lists. 3) Delete any personal data on social profiles such as birthdate, address, or school affiliation. 4) Edit, limit app permissions. As we’ve just seen in the headlines, the misuse of personal data is a very big deal. 5) Share with care. Routinely scrolling, liking, and commenting on social sites such as Snapchat and Instagram can give kids a false sense of security (and power). Remind tweens and teens to share responsibly. Oversharing can damage a reputation and words or images shared callously can damage other people.
Practice safe gaming. Summertime is a gamer’s heaven. Endless battles and showdowns await the dedicated. However, some digital pitfalls can quickly douse the fun. According to the National Cyber Security Alliance’s gaming tip sheet, safe gaming includes: updating gaming software, protecting devices from malware, protecting your child’s personal data, using voice chat safely, and paying close attention to content ratings.
Practice strong security. There are some steps only a parent can take to safeguard the family online. 1) Parental controls. Filtering software blocks inappropriate websites and apps as well as establishes boundaries for family tech use. 2) Comprehensive security software helps protect your PCs, tablets, and devices from viruses, malware, and identity theft. 3) Keeping your guard up. According to McAfee’s Gary Davis staying safe online also includes digital habits such as using strong passwords, boosting your network security and firewall, and being aware of the latest scams that target consumers.
Practice wise parenting. 1) Know where kids go. Know which apps your kids love and why, how they interact with others online, and how much time they spend online. 2) Unplug. Establish tech-free family activities this summer. Powering off and plugging into quality time is the most powerful way to keep your family safe online. Strong relationship empowers responsibility. 3) Be confident. As parenting expert, Dr. Meg Meeker says, parents should be parenting from a place of confidence, rather than from a place of fear. “The temptation for parents is to think that they have no control over what their child does online. This isn’t true,” says Meeker. “Parents, you are in control of your child’s technology use; it is not in control of you.”
The post #CyberAware: 4 Actionable Steps to Boost Your Family’s Safety Online appeared first on McAfee Blogs.
The recent Facebook-Cambridge Analytica data scandal put a spotlight on the nebulous world of data brokers and data mining. As you shop, browse the Internet, participate in a quiz, subscribe to a magazine, fill a prescription, or network on social media, data brokers are hovering in the background, stealthily collecting your personal information. In the eyes of data brokers, you are the commodity. You are being packaged and sold. Because data brokers lurk in shadowy darkness, you may be unaware of their existence, leading to such questions as: What are data brokers? What are they collecting and how do they get it? What are the dangers and what can you do?
What are Data Brokers?
According to The Federal Trade Commission (FTC), data brokers are companies that collect, analyze, package and sell consumer information. Government agencies, businesses, other data brokers, organizations, and individuals purchase your information for the purpose of marketing products, establishing identity, or detecting fraud. The data broker industry is divided into three broad categories based upon the type of product that they sell: (1) marketing products, (2) risk mitigation products, and (3) people search products. Examples of these categories are:
Risk mitigation and people search products:
How Data Brokers Get Your Information?
Your personal information is collected from commercial, government, and other publicly available sources such as:
- online or offline warranty cards, sweepstakes entries, contests, quizzes, surveys, and loyalty cards;
- web crawlers – programs that capture content across the Internet and transmit it back to the data broker’s server;
- census demographic information, motor vehicle records, driver’s license records, telephone directories, voter registrations, court filings, real property and tax assessor records, recorded liens and mortgages, real estate listings, birth, marriage, divorce and death records, professional license filings, and recreational licenses; and
- social media platforms such as Facebook, LinkedIn, WhatsApp and others.
What are Data Brokers Collecting?
Data brokers collect details of who you are and your everyday interactions. “Imagine if you could know consumers like you know your friends. Understanding what they crave, what they need, why they buy and what they’ll buy next.” This quote from Epsilon’s web page makes it clear that they want to know everything about you. For example, Experian and Epsilon collect the following data elements about you:
- life event triggers like new parents, new homeowners, and new movers;
- consumer demographics like age, gender, marital status, children, and income;
- attitudinal and behavioral data such as interests, hobbies, and brand preference;
- automotive data, vehicles consumers have in their garages, and the likelihood of households to purchase a vehicle;
- technology attributes, use and adoption of devices and, even social media platforms; and
- ailments, allergies, arthritis, diabetes, high blood pressure, respiratory ailments, and high cholesterol.
A detailed profile of your life is compiled based on the information that is collected. Data brokers analyze these elements to infer your interests, including potentially sensitive interests. You may now be grouped into multiple categories called segments with other consumers such as, “Winter Activity Enthusiast,” “Dog Owner,” “Diabetes Interest,” “Cholesterol Focus,” “Expectant Parent,” and so on. Astonishing amounts of information have been collected. For nearly every U.S. consumer data brokers have collected 3,000 data segments.
What Dangers Does This Pose?
Storing detailed consumer profiles has inherent security risks. Consumer profiles are high value targets for identity thieves and other malicious hackers. LexisNexus and ChoicePoint were victims of social engineering attacks that exposed the data of thousands of consumers. Axicom and Epsilon both experienced significant data breaches. In 2015 the Experian data breach affected 15,000,000 T-Mobile consumers. The 2017 Equifax data breach affected 145,000,000 consumers.
What You Can Do
Be proactive. Some data broker companies offer an “opt-out” form. The process may feel a bit counterintuitive as the form requires you to submit personal information such as your name, mailing address, and possibly an email address, but it’s worth the effort. According to the FTC, data brokers have indicated they will only use this information for identity verification to initiate the opt out process. It may also be necessary to submit multiple opt-out requests to take into consideration name variations. For example, “Jonathan Doe” may also need to submit an opt-out form for “John Doe.” Filling out and submitting the opt-out form may not remove your information entirely. Axicom’s opt-out form states, “the information provided on this form will be used only for the purpose of removing information about you from Axicom’s marketing products.” A master list of data brokers and their opt-out links can be found at Privacy Rights Clearinghouse and Stop Data Mining Me.
Knowing how data brokers obtain information empowers you to make informed choices. Use that knowledge to shine a light on the dark and shadowy world of data brokers. The fact that Cambridge-Analytica used the personality-quiz app, “This Is Your Digital Life,” to mine the data of millions of Facebook users should make you think twice before you participate in the next quiz that comes your way.
If you are curious to see how you may be unknowingly giving away your information, the FTC has produced this helpful video.
“It is better to light a candle than to curse the darkness” – Eleanor Roosevelt
When we think of self-harm, most of us think about rituals such as cutting in which a person may physically cut themselves in an attempt to deal with overwhelming emotions. Very few of us, especially parents, think about self-harm manifesting itself in the digital realm. However, according to a new study published in the Journal of Adolescent Health, digital self-harm is “a new problem” that demands attention.
What is Digital Self-Harm?
Digital self-harm as defined by the Cyberbullying Research Center (CRC) is the “anonymous online posting, sending, or otherwise sharing of hurtful content about oneself.” A child engages in digital self-harm by creating a fake account that he or she then uses to post mean comments to his or her real social account — comments visible to the public. An example of digital self-harm might be a child posting anonymous comments to oneself such as: “You are a waste of space. Why don’t you just die?” or “You are so ugly, why do you keep posting pictures of yourself?”
Digital self-harm, more simply put, is self-cyberbullying. Digital self-harm has allegedly been linked to two high-profile bullying cases that ended in the self-bullying teens committing suicide. According to the study, 6% of teens surveyed admitted to digital self-harm and males were significantly more likely to take part in digital self-harm (7.1% compared to 5.3%).
The CRC study suggested that some kids (in their own words) engaged in digital self-harm to be funny, get attention, or because they had low self-esteem, self-hate or hoped to get a reaction from friends. In a recent NPR story, psychologists nodded to the motivation behind self-harm as the need for others to worry about them, to prove how tough they were, or to get an adult’s or their peers’ attention. One student cited in the NPR story said she posted bullying comments to herself as a way to “beat others to the punch,” in potentially rejecting her. Whatever the reasons for posting self-harming statements or threats, doing so rings an alarm for parents, educators, counselors, and law enforcement.
According to Cyberbullying Research Center’s study authors Sameer Hinduja and Justin W. Patchin, study takeaways include the fact that 1) Parents shouldn’t ignore the possibility that a hurtful message received online by their child was sent by their child. 2) Educators, law enforcement officers, or others charged with investigating cyberbullying incidents should remain open to the possibility of digital self-harm, and conduct a thorough examination of all available evidence to get to the bottom of the incident. 3) Any time a student experiences cyberbullying, there is a problem that needs to be resolved. Even if—no, especially if—the sender and receiver are the same person.
What Parents Can Do
Monitor social media. Self-harm — digital or otherwise — is serious. Whatever the motivation behind the act may be, digital self-harm highlights a deeper hurt that’s manifesting publically that needs immediate attention. One way parents can know if their child is self-harming is to monitor social media paying close attention to the tone of the social interactions. Go a step further than reading your child’s posts. Look at the comments closely. If there’s a negative or threatening comment, examine the attached account. Is it a real account? Ask your child about the person who posted the comments. Using a filtering tool to consistently know what apps your child uses may help you monitor more consistently and thoroughly.
Avoid judgment. The reasons why a child may engage in digital self-harm can vary from serious emotional issues to a passing curiosity. If you find your child is digitally self-harming, avoid being judgmental. It’s tempting to panic and respond by shutting down all your child’s social media, but don’t. Talk the issue through and try to get to the reasons behind the action. Validate your child’s emotions without diminishing them. You don’t have to agree with the way your child expresses his or her feelings, however, validation shows support and helps your child feel heard and understood. Assess the seriousness of the situation and, if necessary, promptly, get professional help from a counselor or therapist.
Listen, observe. Listening is perhaps one of the most underutilized connection tools a parent possesses. We can gather much about our child’s emotional and social health by listening more we talk in a conversation. Pay attention to body language and tone. Understand the signs of depression or emotional distress in your teen. According to HelpGuide.org, signs of depression in teens can include sadness or hopelessness, irritability/anger, tearfulness, isolation, loss of interest in schoolwork or friends, lack of motivation, changes in eating or sleeping, abnormal fatigue or complaints of body aches, thoughts or jokes about death or suicide. If you suspect that a teenager is suicidal, take immediate action. For 24-hour suicide prevention and support in the U.S., call the National Suicide Prevention Lifeline at 1-800-273-TALK.
The post Study: Digital Self-Harm Among Teens Real; Here’s What Parents Need to Know appeared first on McAfee Blogs.
Passwords have become critical tools for every citizen of the digital world. Passwords stand between your family’s gold mine of personal data and the entirety of the internet. While most of us have a love-hate relationship with passwords, it’s beneficial to remember they do serve a powerful purpose when created and treated with intention.
But asking your kids to up their password game is like asking them to recite the state capitals — booooring! So, during this first week of May as we celebrate World Password Day, add a dash of fun to the mix. Encourage your family to test their knowledge with some Cybersavvy Trivia.
Want to find out what kind of password would take two centuries to crack? Or, discover the #1 trick thieves use to crack your password? Then take the quiz and see which family member genuinely knows how to create an awesome password.
We’ve come a long way in our understanding of what makes a strong password and the many ways nefarious strangers crack our most brilliant ones. We know that unique passwords are the hardest to crack, but we also know that human nature means we lean toward creating passwords that are also easy to remember. So striking a balance between strong and memorable may be the most prudent challenge to issue to your family this year.
Several foundational principles remain when it comes to creating strong passwords. Share them with your family and friends and take some of the worries out of password strength once and for all.
5 Password Power Principles
- Unique = power. A strong password includes numbers, lowercase and uppercase letters, and symbols. The more complicated your password is, the more difficult it will be to crack. Another option is a password that is a passphrase only you could know. For instance, look across the room and what do you see? I can see my dog. Only I know her personality; her likes and dislikes. So, a possible password for me might be #BaconDoodle$. You can even throw in a misspelling of your password to increase its strength such as Passwurd4Life. Just be sure to remember your intentional typos if you choose this option.
- Diverse = power. Mixing up your passwords for different websites, apps, and accounts can be a hassle to remember but it’s necessary for online security. Try to use different passwords for online accounts so that if one account is compromised, several accounts aren’t put in jeopardy.
- Password manager = power. Working in conjunction with our #2 tip, forget about remembering every password for every account. Let a password manager do the hard work for you. A password manager is a tech tool for generating and storing passwords, so you don’t have to. It will also auto-log you onto frequently visited sites.
- Private = power. The strongest password is the one that’s kept private. Kids especially like to share passwords as a sign of loyalty between friends. They also share passwords to allow friends to take over their Snapchat streaks if they can’t log on each day. This is an unwise practice that can easily backfire. The most powerful password is the one that is kept private.
- 2-step verification = power. Use multi-factor (two-step) authentication whenever possible. Multiple login steps can make a huge difference in securing important online accounts. Sometimes the steps can be a password plus a text confirmation or a PIN plus a fingerprint. These steps help keep the bad guys out even if they happen to gain access to your password.
It’s a lot to manage, this digital life but once you’ve got the safety basics down, you can enjoy all the benefits of online life without the worry of your information getting into the wrong hands. So have a fun and stay informed knowing you’ve equipped your family to live their safest online life!
The post Trivia Time: Test Your Family’s Password Safety Knowledge appeared first on McAfee Blogs.
- Overview of Facebook and Cambridge Analytica
- Facebook's Zuckerberg faces formal summons from MPs
- Facebook to contact 87 million users affected by data breach
- Canada data firm AIQ may face legal action in UK
- Facebook to vet UK political ads for May 2019 local elections
- Facebook to exclude billions from European privacy laws
TSB bosses came under fire after a botch upgraded to their online banking system, which meant the Spanished owned bank had to shut down their online banking facility, preventing usage by over 5 million TSB customers. Cybercriminals were quick to take advantage of TSB's woes.
Great Western Railway reset the passwords of more than million customer accounts following a breach by hackers, US Sun Trust reported an ex-employee stole 1.5 million bank client records, an NHS website was defaced by hackers, and US Saks, Lord & Taylor had 5 million payment cards stolen after a staff member was successfully phished by a hacker.
The UK National Cyber Security Centre (NCSC) blacklist China's state-owned firm ZTE, warning UK telecom providers usage of ZTE's equipment could pose a national security risk. Interestingly BT formed a research and development partnership with ZTE in 2011 and had distributed ZTE modems. The NCSC, along with the United States government, released statements accusing Russian of large-scale cyber-campaigns, aimed at compromising vast numbers of the Western-based network devices.
- NCSC: Joint US - UK statement on malicious cyber activity carried out by the Russian government
- US-Cert Alert (TA18-106A) - Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices
- Ikea’s Task Rabbit App hit by Cyber Security Incident
- At least 432 UK Businesses to be Affected by NIS Cyber-Security Regulation
- TSB 'Data Breach' amid Online Banking Upgrade Chaos
- Great Western Railway Accounts Breached
- NHS Website Defaced by Hackers
- Equifax Data Breach cost hits £175 million - £91 million insured
- Sun Trust Ex-Employee Stolen 1.5 Million Bank Clients
- Ransomware Infects Ukraine Energy Ministry Website
- UK National Cyber Security Centre Blacklists one of China's State-Owned ZTE
- 1.5bn Sensitive Files are Exposed on the Internet – Digital Shadows
- Almost 3 Million EU citizens hit by Facebook Data Breach
- Saks, Lord & Taylor Staff Phish lead to an up to 5 Million Payment Card Data Breach
- Will the boom in public cloud services open the doors to cyber criminals?
- Microsoft Patches 63 Vulnerabilities for IE/Edge, Exchange, Office ChakraCore & Flash
- Microsoft issues more Spectre Updates (Out-of-Band Update)
- Adobe Releases Critical Fixes for Flash Player
- Apple release updates to fix Security issues in iOS, macOS, Safari and various Apps
- Insecure default configuration still endangering SAP users after 13 years
- Intel Urges users to Delete Remote Keyboard App and halts Spectre fixes
- Juniper Patched Multiple Vulnerabilities
- Cisco Patches Vulnerability in WebEx
- Hackers using Flaw in Cisco Switches to Attack
- Drupal Releases Patch for a Code-Execution Bug Actively being Exploited
- Russian State-sponsored Hackers Attacking network infrastructure says UK & US Govs
- UK Hit by 'More Online Attacks than Ever Before’ according to NCSC
- NCSC warns CNI Supply Chain under Sustained Attack
- New Hacker Groups emerging in Asia and in the Middle East
- Orangeworm attacks X-Ray machines in campaign spanning UK, Europe, US
- Massive Phishing Campaign Targets Half a Billion Users in Q1 2018
- North Korea likely Culprit in Complex GhostSecret Cyber-Espionage Campaign
Data mining. Privacy breaches. Malicious third parties. Do you ever feel like these scary sounding, albeit significant, concerns got left at the curb somewhere between carpool duty, doctor appointments, and trying to hit two softball games and a track meet in the same day?
You are far from alone. If asked, most of us would confess: Our digital safety habits aren’t keeping up with the wild pace of technology. We understand the risks to our privacy online, but few of us have the time to protect it.
Have you given up? Perhaps you believe the internet is winning and that personal privacy is an outdated, even naïve, expectation online.
That sentiment is true but only to a small extent. Here’s what’s truer: With intention, a small chunk of time — and enlisting the whole family — you can begin to rewrite your privacy future.
You can take steps toward managing (and enjoying) your technology like a boss. Here’s how to get the whole crew on board for a family-wide privacy update.
5 Hands-On Ways to Begin Safeguarding Your Family’s Online Data
- Call a family huddle. Change takes action. A successful family-wide privacy update will require, well, the whole family. Call a family huddle. Ask each family member to inventory all devices including phones, tablets, PCs, toys, televisions, gaming systems. This list represents vulnerabilities or points of entry. Assign responsibility to each device. Just as you’d lock windows and doors, commit to securing down digital doorways. Huddle goals: Make privacy a family priority, discuss the online risks, challenge your digital-loving pack to higher digital standards, set up a reward system for keeping family devices safe. Remember: Technology is a privilege, not a right (no matter how culture positions it to the contrary).
- Upgrade privacy settings on social platforms. Any social platform — be it Facebook, Instagram, Snapchat or others — requires attention when it comes to protecting personal data. Go through each app and update your privacy settings. Educate yourself on what data you are sharing and with whom. Look closely at the information you’ve willingly shared, and make adjustments from there. For kids: Wipe social profiles clean of any personal information such as school name, age, address, phone number, email, location, and any other personal content.
- Scrub apps, update software, add security. Technology brings with it oodles of convenience. However, as with an automobile, our tech also needs maintenance to be enjoyed responsibly. Smartphones, tablets, televisions, and PCs require regular cleaning and updating. As a family, commit to making these changes. 1) Delete unused apps 2) Select “auto update” for software on both your mobile devices and computers 3) Install (and update) robust security software that protects devices against viruses, hackers, and spyware. Useful security software should also filter offensive content, pictures, and websites.
- Create strong, unique passphrases. As part of your family’s overall security update, make sure to create strong passwords for family devices. What’s a strong password? According to National Institute of Standards and Technology (NIST), think in terms of a passphrase rather than a password. Passphrases should be simple, long and memorable. They should contain lowercase letters and word associations only you would know. For instance: cottoncandyskies, burntsmoresinsummer, or poetrypinkpasta.Make sure everyone from the eight-year-old to the 18-year-old understands why it’s important to use strong, unique passphrases. To reinforce this, consider a reward for family members who stay on top of their digital housekeeping.
- Follow-through, follow-through, follow-through! The only plan of any value is the one that is executed. So much of parenting is spent communicating goals, but effective parenting happens in following through with those goals. Be a firm, focused digital parent. Don’t just communicate the digital risks; follow through to make sure your child makes the hands-on changes listed here to protect their online data. Sit down, watch them do it. Review devices and settings. Discuss and physically check off privacy basics which include: 1) Updating privacy settings on devices and social networks 2) Use strong passphrases 3) Not sharing personal information online 4) Deleting unused apps and auto-updating software 5) Making digital privacy a personal priority.
The post You vs. the Internet: 5 Hands-On Ways to Begin Safeguarding Your Family’s Privacy appeared first on McAfee Blogs.
[[ This is a content summary only. Visit my website for full links, other content, and more! ]]
Instagram looks like Facebook's best hope
With all the attention on Mark Zuckerberg's visit to DC this week, it can be easy to lose sight of an important detail: Facebook also owns Instagram. Of course, this means it also has access to the photo-sharing app's massive user base. Bloomberg Businessweek has a detailed look at the relationship between the two companies as Instagram approaches 1 billion total users.
Is it time to #deleteFacebook? Facebook’s long line of dramas has many of us rethinking our dependence on Mark Zuckerberg’s largest social media platform. While many of us were alarmed at the fake news allegations last year, the recent scandal with Cambridge Analytica has us genuinely spooked and now asking ourselves this question.
The fact that Facebook allowed British data analysis firm Cambridge Analytica to tap the Facebook profiles of more than 50 million users without their knowledge has many of us questioning both our – and our children’s – relationship with the social media platform. How compromised is our privacy? What’s really happening with our data? Is our every online move really being monitored?
The immediate reaction of many is to delete their Facebook accounts and insist their kids do the same. When news broke of the Cambridge Analytica scandal, the #deleteFacebook hashtag trended heavily on Twitter. Many high profile tech types deleted their personal and business Facebook accounts and, consequently, drove the Twittersphere into a frenzy.
To #DeleteFacebook Or Not To #DeleteFacebook?
But many of us can’t really afford to be idealists. Some of us run online businesses and rely heavily on Facebook. Others use Facebook for our jobs. Many of us (and our kids) use Facebook to run our social lives – organise events and parties, remember birthdays and stay in touch with friends and family across the world. And for nearly all of us, it is our digital scrapbook that preserves our important life events, shared moments and memories. In short, we would be lost without it.
While the black and white idealist in me absolutely agrees that we should delete Facebook, the realist in me acknowledges that life is often lived in the shades of grey. Facebook has spent more than a decade making itself a deeply entrenched part of our modern society. Saying farewell to this part of your life is a decision that I believe many of us would find almost impossible to make.
So, while deleting Facebook from your online life is the most drastic way of protecting your data, there are steps you can take to keep your account more secure and your personal information more private. Here are my top recommendations:
Set up new logins for each app you are using.
Setting up a new login and password for each app you’re using is a great way to protect yourself and your data online. Login may take fractionally longer but it will help ensure your data is not shared between different services.
Review your third party apps – the ones you joined using Facebook.
Facebook has made it just so easy for us to download apps using our Facebook settings that many of us have acquired quite the collection of apps. The problem is that Facebook provides these apps with our data including our name, location, email or even our friends list. So, review these apps, people! Not sure where to start? Go to Settings > Apps > Logged in with Facebook and remove anything that doesn’t absolutely need access to your Facebook profile. You will still have to contact the app developer to ensure they have deleted the data they already have gathered on you. Tedious but worth it!
Don’t overshare on social media.
Oversharing online gets many of us including our kids into trouble and allows cybercriminals and ‘data analysis types’ the ability to form an accurate picture of us very quickly! Being conscious of what is publicly available from your social media profiles is essential. Ensure every member of the family knows to NEVER share their telephone number, address or details of their school online. Also rethink whether you really want your relationship status made public, or the city of your birth.
Cull your Friends list.
The Cambridge Analytica scandal should provide us all with a reality check about how we manage online friends. In 2015, an app entitled ‘this is your digital life’ was developed by Cambridge Professor Dr Aleksandr Kogan and then downloaded by 270,000 users. Those who opted in allowed the app access to their information – including their friends – which then gave Kogan access to the data of over 50 million Facebook users. Facebook have reportedly since changed their terms of service and claim app developers can no longer access this detail, or at least, not at the same level of detail. So, go through your friend list and delete those you barely know or who were just passing acquaintances. Do you really want to share your personal or family updates with these people?
Choose a different social media platform to connect to apps.
If an app lets you choose which account you use to login, pick one which holds limited data about its users. Twitter could be a good choice as it tends to hold less personal information about you.
And while I salute those who are bold enough to #deleteFacebook and insist their kids do so, I know that it isn’t for me. I choose to stay. I’ll navigate my way around the risks and flaws, so I can enjoy the upside – belonging to my community, keeping my job and adding to my digital scrapbook.
Till next time,
One of the biggest data breach announcements of the past week belonged to Orbitz, which said on Tuesday that as many as 880,000 customers may have had their payment card and other personal information compromised due to unauthorized access to a legacy Orbitz travel booking platform.
“Orbitz determined on March 1, 2018 that there was evidence suggesting that, between October 1, 2017 and December 22, 2017, an attacker may have accessed certain personal information, stored on this consumer and business partner platform, that was submitted for certain purchases made between January 1, 2016 and June 22, 2016 (for Orbitz platform customers) and between January 1, 2016 and December 22, 2017 (for certain partners’ customers),” the company said in a statement.
Information potentially compromised includes payment card information, names, dates of birth, addresses, phone numbers, email addresses, and gender.
As American Express noted in its statement about the breach, the affected Orbitz platform served as the underlying booking engine for many online travel websites, including Amextravel.com and travel booked through Amex Travel Representatives.
Expedia, which purchased Orbitz in 2015, did not say how many or which partner platforms were affected by the breach, USA Today reported. However, the company did say that the current Orbitz.com site was not affected.
Other trending cybercrime events from the week include:
- State data breach notifications: Island Outdoor is notifying customers that payment card information may have been stolen due to the discovery of malware affecting several of its websites. Agemni is notifying customers about unauthorized charges after “a single authorized user of our software system used customer information to make improper charges for his personal benefit.” The Columbia Falls School District is notifying parents of a cyber-extortion threat involving their children’s personal information. Intuit is notifying TurboTax customers that their accounts may have been accessed by an actor leveraging previously leaked credentials. Taylor-Dunn Manufacturing Company is notifying customers that it discovered cryptocurrency mining malware on a server and that a file containing personal information of those registered for the Taylor-Dunn customer care or dealer center may have been accessed. Nampa School District is notifying a “limited number” of employees and Skamania Public Utility District is notifying customers that their personal information may have been compromised due to incidents involving unauthorized access to an employee email account.
- Data exposed: A flaw in Telstra Health’s Argus software, which is used by more than 40,000 Australian health specialists, may have exposed the medical information of patients to hackers. Primary Healthcare is notifying patients of unauthorized access to four employee email accounts. More than 300,000 Pennsylvania school teachers may have had their personal information publicly released due to an employee error involving the Teacher Management Information System.
- Notable ransomware attacks: The city of Atlanta said a ransomware attack disrupted internal and customer-facing applications, which made it difficult for citizens to pay bills and access court-related information. Atrium Hospitality is notifying 376 hotel guests that their personal information may have been compromised due to a ransomware infection at a workstation at the Holiday Inn Sacramento. Finger Lakes Health said it lost access to its computer system due to ransomware infection.
- Other notable events: Frost Bank said that malicious actors comprised a third-party lockbox software program and were able to access images of checks that were stored in the database. National Lottery users are being advised to change their passwords after 150 accounts were affected by a “low-level” hack. A lawsuit against Internet provider CenturyLink and AT&T-owned DirecTV alleges that customer data was available through basic Internet searches.
SurfWatch Labs collected data on many different companies tied to cybercrime over the past week. Some of the top trending targets are shown in the chart below.
Cyber Risk Trends From the Past Week
Facebook has faced a week of criticism, legal actions, and outcry from privacy advocates after it was revealed that the political consulting Cambridge Analytica had accessed the information of 50 million users and leveraged that information while working with the Donald Trump campaign in 2016.
“Cambridge Analytica obtained the data from a professor at the University of Cambridge who had collected the information by creating a personality-quiz app in 2013 that plugged into Facebook’s platform,” The Wall Street Journal reported. “Before a policy change in 2015, Facebook gave app creators and academics access to a treasure trove of data, ranging from which pages users liked to details about their friends.”
It isn’t clear how many other developers might have retained information harvested from Facebook before the 2015 policy change, The Journal reported. However, Mark Zuckerberg said the company may spend “many millions of dollars” auditing tens of thousands of data collecting apps in order to get a better handle on the situation.
The privacy breach has already led to regulatory scrutiny and potential lawsuits around the globe. Bloomberg reported that the FTC is probing whether data handling violated terms of a 2011 consent decree. In addition, Facebook said it would conduct staff-level briefings with six congressional committees in the coming week. Some lawmakers have called for Zuckerberg to testify as well, and Zuckerberg told media outlets that he would be willing to do so if asked.
Facebook’s stock price has dropped from $185 to $159 over the past eight days amid the controversy, and several companies have suspended their advertising on Facebook or deleted their Facebook pages altogether due to the public backlash.
Cyberbullying: if you have a tween or teen and haven’t workshopped this with your kids then you need to put a time in the diary now. Cyberbullying is one of the biggest challenges our children’s generation will face and unfortunately, it isn’t going away.
The recent tragic suicide of 14 year old Aussie girl Amy ‘Dolly’ Everett as a result of online bullying needs to be a wake-up call for parents. Many kids who are bullied online feel completely ashamed and publicly humiliated and can’t see a way past the embarrassment. They don’t have the skills to handle it and don’t know where to seek help. Yes, we are first-generation digital parents BUT we need to prioritise our children’s safety and well-being online. And sort this out FAST!
How Big An Issue Is Cyberbullying?
In its 2016-17 annual report, the Office of the e-Safety Commissioner reveals an increase of 60% in the reported cases of cyberbullying compared with the previous year. The report also shows that:
- Aussie tweens/teens between the ages of 12 and 16 are the primary targets of cyberbullying
- Girls made up 63% of the victims
And it isn’t just us parents that consider this to be a big issue – our teens are also concerned. A study of 5000 teens across eleven countries by Vodafone in 2015 showed that in fact over half the teens surveyed considered cyberbullying to be worse than face-to-face bullying, and that 43% believe it is a bigger problem for young people than drug abuse!
So, clearly we have a problem on our hands – and one that isn’t getting better over time.
Why Is Cyberbullying Occurring More Frequently?
Many parenting experts believe a lack of empathy to be a major factor in cyberbullying. In her book, Unselfie, US Parenting Expert Dr Michele Borba explains that we are in the midst of an ‘empathy crisis’ which is contributing to bullying behaviour. She believes teens today are far less empathetic than they were 30 years ago.
Giving children access to devices and social media before they have the emotional smarts to navigate the online world is another factor. You would be hard-pressed to find a child in Year 5 or 6 at a primary school in any Australian capital city who doesn’t have access to or own a smartphone. And once that phone has been given to your child, it’s impossible to supervise their every move. Within minutes they can join social media platforms (some creativity required on the age), enter chat rooms, and view highly disturbing images.
The younger the child, the less likely he or she is to have the emotional intelligence to either navigate tricky situations or make smart decisions online. Perhaps we should all take a lesson from Microsoft co-founder Bill Gates who made his kids wait till they were 14 until being given a phone?
How To Minimise The Risk Of Your Child Being Cyberbullied
There are no guarantees in life, but there are certain steps we can take to reduce the chance of our children being impacted by cyberbullying. Here are my top 5 suggestions:
Establishing a culture where honest, two-way communication is part of the family dynamic is one of the absolute best things you can do. Let your children know they can confide in you, that nothing is off-limits and that you won’t overreact. Then they will be more likely to open up to you about a problem before it becomes insurmountable.
- Understand Their World.
With a deep understanding of your child’s world (their friends, their favourite activities, the movies they see) you’re better equipped to notice when things aren’t swimming along nicely. Establishing relationships with your child’s teachers or year group mentors is another way to keep your ear to the ground. When a child’s behaviour and activity level changes, it could be an indicator that all is not well. So some parental detective work may be required!
- Weave Cyber Safety Into Your Family Dialogue.
We all talk about sun safety and road safety with our children from a young age. But we need to commit to doing the same about cyber safety. Teach your kids never to share passwords, never to give out identifying information of any kind online, never to respond to online trolls or bullies. Then they will definitely add a layer of armour to shield them from becoming a victim of cyberbullying.
- Limit Screen Time.
I know it seems like an ongoing battle but limiting screen time for social media is essential. One of the easiest ways of doing this is by offering them attractive real-life options. Bike rides, beach visits and outings with friends and family are all good ways of redirecting their attention. And make sure their phone/tablet is out of easy reach at night. Yes, it is more effort but it is so worth it. Less time online = less risk!
- Teach Your Kids What To Do If They Are Cyberbullied.
It is essential your kids know what to do if they are being cyberbullied. Blocking the bullying is critical, so take some time with your kids to understand the block features on the social networks they use. Collecting evidence is crucial, everything should be screen-shot – ensure your child knows how to do this. You can report the cyberbullying incident to the Office of the eSafety Commissioner who work to have offensive material removed and cyberbullying situations addressed. And why not check out the support offered by your child’s school? It’s important your kids know they have a number of trusted adults in their life they can get help from if things get tough.
So, let’s commit to doing what we can to protect our kids from cyberbullying. Your kids need to know that they can talk to you about anything that is bothering them online – even if it is tough or awkward. Dolly Everett’s final drawing, before she took her life, included the heart-rending caption ‘…speak even if your voice shakes.’ Please encourage your kids to do so.
The post Cyberbullying – How Parents Can Minimize Impact On Kids appeared first on McAfee Blogs.
Two weeks ago, a co-worker received a message in Facebook Messenger from his friend. Based on the message, it seemed that the sender was telling the recipient that he was part of a video in order to lure him into clicking it.
The shortened link was initially redirecting to Youtube.com, but was later on changed to redirect to yet another shortened link – po.st:
The po.st shortened link supported two types of redirection links – original link and smart links. If the device that accessed the URL was running in iOS or Android, it was redirected to the utm.io shortened link, otherwise it was redirected to smarturl.it.
So for the iOS and Android users, they were served with the following phishing page:
For the rest of the devices, the users ended up with the smarturl.it link that went through several redirections which eventually led to contenidoviral.net. That page contained an ad-affiliate URL which redirected to mobusi.com, a mobile advertising company.
Based on the data from the links, the campaign began last October 15th when it targeted mostly Swedish users. On the 17th, it moved to targeting Finnish users. Then from 19th onwards, it mostly went after German users.
The total number of clicks for the entire campaign reached almost 200,000, where close to 80% of the visitors were from Germany, Sweden and Finland.
The campaign ran for two weeks with a main motive of stealing Facebook credentials from iOS and Android users. The cybercriminals used those stolen credentials to spread the malicious links, and subsequently gather more credentials. However, while in the process of stealing the credentials, the cybercriminals also attempted to earn from other non-iOS and non-Android users through ad-fraud.
This practice of using email addresses in place of unique names as account credentials creates a big opportunity for phishers. Just by launching this Facebook phishing campaign, they can mass harvest email and password credentials that are later on used for secondary attacks such as gaining access to other systems or services that could have a bigger monetary value because of password reuse.
We highly recommend the affected users to change their passwords as soon as possible, including other systems and services where the same compromised password was used.
Recently there's been some coverage of Twitter's propensity for porn. Some research has shown that one in every thousand tweets contains something pornographic. With 8662 tweets purportedly sent every second, that's quite a lot.
Now, this is not something that has escaped our notice here at Smoothwall HQ. We like to help our customers keep the web clean and tidy for their users, and mostly that means free of porn. With Twitter that's particularly difficult. Their filtering isn't easy to enforce and, while we have had some reasonable results with a combination of search term filtering and stripping certain tweets based on content, it's still not optimal. Twitter does not enforce content marking and 140 characters is right on the cusp of being impossible to content filter.
That said - how porn riddled is Twitter? Is there really sex round every corner? Is that little blue bird a pervert? Well, what we've found is: it's all relative.
Twitter is certainly among the more gutter variety of social networks, with Tumblr giving it a decent run for boobs-per-square-inch, but the likes of Facebook are much cleaner — with even images of breastfeeding mothers causing some controversy.
Interestingly, however, our back-of-a-beermat research leads us to believe that about 40 in every 1000 websites is in some way linked to porn — these numbers come from checking a quarter of a million of the most popular sites through Smoothwall's web filter and seeing what gets tagged as porn. Meanwhile, the Huffington Post reports that 30% of all Internet traffic is porn - the biggest number thus far. However, given the tendency of porn toward video, I guess we shouldn't be shocked.
Twitter: hard to filter, relatively porn-rich social network which is only doing its best to mirror the makeup of the Internet at large. As a school network admin, I would have it blocked for sure: Twitter themselves used to suggest a minimum age of 13, though this requirement quietly went away in a recent update to their terms of service.
You have seen them if you are on Facebook, and perhaps even posted one yourself. I’m talking about the statements that aim to defuse Facebook’s new terms of service, which are claimed to take away copyright to stuff you post. To summarize it shortly, the virally spreading disclaimer is meaningless from legal point of view and contains several fundamental errors. But I think it is very good that people are getting aware of their intellectual rights and that new terms may be a threat.
Terms of service? That stuff in legalese that most people just click away when starting to use a new service or app. What is it really about and could it be important? Let’s list some basic points about them.
- The terms of service or EULA (End User License Agreement) is a legally binding agreement between the service provider and the user. It’s basically a contract. Users typically agree to the contract by clicking a button or simply by using the service.
- These terms are dictated by the provider of the service and not negotiable. This is quite natural for services with a large number of users, negotiating individual contracts would not be feasible.
- Terms of service is a defensive tool for companies. One of their primary goals is to protect against lawsuits.
- These terms are dictated by one part and almost never read by the other part. Needless to say, this may result in terms that are quite unfavorable for us users. This was demonstrated in London a while ago. No, we have not collected any children yet.
- Another bad thing for us users is the lack of competition. There are many social networks, but only one Facebook. Opting out of the terms means quitting, and going to another service is not really an option if all your friends are on Facebook. Social media is by its nature monopolizing.
- The upside is that terms of service can’t change the law. The legislation provides a framework of consumer and privacy protection that can’t be broken with an agreement. Unreasonable terms, like paying with your firstborn child, are moot.
- But be aware that the law of your own country may not be applicable if the service is run from another country.
- Also be aware that these terms only affect your relationship to the provider of the service. Intelligence performed by authorities is a totally different thing and may break privacy promises given by the company, especially for services located in the US.
- The terms usually include a clause that grant the provider a license to do certain things with stuff the users upload. There’s a legitimate reason for this as the provider need to copy the data between servers and publish it in the agreed way. This Facebook debacle is really about the extent of these clauses.
Ok, so what about Facebook’s new terms of service? Facebook claim they want to clarify the terms and make them easier to understand, which really isn’t the full story. They have all the time been pretty intrusive regarding both privacy and intellectual property rights to your content, and the latest change is just one step on that path. Most of the recent stir is about people fearing that their photos etc. will be sold or utilized commercially in some other way. This is no doubt a valid concern with the new terms. Let’s first take a look at the importance of user content for Facebook. Many services, like newspapers, rely on user-provided content to an increasing extent. But Facebook is probably the ultimate example. All the content you see in Facebook is provided either by the users or by advertisers. None by Facebook itself. And their revenue is almost 8 billion US$ without creating any content themselves. Needless to say, the rights to use our content is important for them. What Facebook is doing now is ensuring that they have a solid legal base to build current and future business models on.
But another thing of paramount importance to Facebook is the users’ trust. This trust would be severely damaged if private photos start appearing in public advertisements. It would cause a significant change in peoples relationship with Facebook and decrease the volume of shared stuff, which is what Facebook lives on. This is why I am ready to believe Facebook when they promise to honor our privacy settings when utilizing user data.
Let’s debunk two myths that are spread in the disclaimer. Facebook is *not* taking away the copyright to your stuff. Copyright is like ownership. What they do, and have done previously too, is to create a license that grant them rights to do certain things with your stuff. But you still own your data. The other myth is that a statement posted by users would have some kind of legal significance. No, it doesn’t. The terms of service are designed to be approved by using the service, anyone can opt to stop using Facebook and thus not be bound by the terms anymore. But the viral statements are just one-sided declarations that are in conflict with the mutually agreed contact.
I’m not going to dig deeper into the changes as it would make this post long and boring. Instead I just link to an article with more info. But let’s share some numbers underlining why it is futile for ordinary mortals to even try to keep up with the terms. I browsed through Facebook’s set of terms just to find 10 different documents containing some kind of terms. And that’s just the stuff for ordinary users, I left out terms for advertisers, developers etc. Transferring the text from all these into MS Word gave 41 pages with a 10pt font, almost 18 000 words and about 108 000 characters. Quite a read! But the worst of all is that there’s no indication of which parts have changed. Anyone who still is surprised by the fact that users don’t read the terms?
So it’s obvious that ordinary user really can’t keep up with terms like this. The most feasible way to deal with Facebook’s terms of service is to consider these 3 strategies and pick the one that suits you best.
- Keep using Facebook and don’t worry about how they make money with your data.
- Keep using Facebook but be mindful about what you upload. Use other services for content that might be valuable, like good photos or very private info.
- Quit Facebook. That’s really the only way to decline their terms of service.
By the way, my strategy is number 2 in the above list, as I have explained in a previous post. That’s like ignoring the terms, expecting the worst possible treatment of your data and posting selectively with that in mind. One can always put valuable stuff on some other service and post a link in Facebook.
So posting the viral disclaimer is futile, but I disagree with those who say it’s bad and it shouldn’t be done. It lacks legal significance but is an excellent way to raise awareness. Part of the problem with unbalanced terms is that nobody cares about them. A higher level of awareness will make people think before posting, put some pressure on providers to make the terms more balanced, and make the legislators more active, thus improving the legal framework that control these services. The legislation is by the way our most important defense line as it is created by a more neutral part. The legislator should, at least in theory, balance the companies’ and end users’ interests in a fair way.
Image: Screenshot from facebook.com