Category Archives: social networks

Should you delete yourself from social media?

You’re feeling like you’ve had enough. All the recent news—from Facebook’s Cambridge Analytica snafu to various abuses of Twitter vulnerabilities—has you wondering: Should I delete myself from social media?

Social networking does have its positive aspects. You can stay in touch with distant (or not) relatives, be included in the planning of social events within your circle of friends, get real-time updates on regional and national news, and promote your company, content, or other personal ventures. Plus, you get to experience all the cool memes a full two weeks after they’ve been posted on Reddit.

Then again, there are quite a few reasons—spanning security, privacy, and overall shady business practices—for leaving. In 2018 alone, Facebook experienced a security breach that impacted 50 million accounts, was responsible for a genocide incited using its platform, kept user data it said it deleted, and was caught abusing Apple development apps to test on children. Twitter, meanwhile, has not only been at the butt end of password bugs, hacks, and data breaches, but some could say these days is a general dumpster fire of bot accounts.

Instagram and Snapchat are not without their flaws, either. Hackers are targeting influencer accounts on Insta, while Snapchat has been the recipient of phishing attacks and security breaches.

Unfortunately, we can’t make the decision to quit social media for you. Instead, we recommend you make a list of pros and cons. Consider what data might be lost. Consider what time and peace of mind might be gained. Weigh the rewards against the risks. If you come away feeling ready to take a step back, but not quite quit cold turkey, we can help you with ways to tighten security and privacy settings. And if that’s not enough, we’ll show you how to delete your accounts.

Let’s start slowly

If you’re not quite ready to cut the cord, a good option for cooling down on social media is to adjust the privacy settings on all of your accounts. This is a sensible thing to do, even if you aren’t considering leaving. It also has the bonus side effect of increasing awareness of just how much you share on social media.

In a previous blog, we discussed how to secure your social media profiles in great detail. We recommend users who aren’t deleting themselves read this first to understand the intricacies. Next, here’s a quick and dirty list of links to follow in order to adjust privacy settings across the top four social networking platforms:

After adjusting the settings, it’s a good idea to monitor and track your social media usage moving forward, either for the purpose of time management, focus, or beating social media addiction. As more and more of our media consumption moves to smart phones, you can leverage several apps that will help you achieve these goals. These include:

Goodbye, top four!

Let’s say you sat down, had a good think, and decided that it’s time to move on from social media. You can begin by collecting the appropriate links. Below, we’ve included links to download your data from the most popular platforms. You should download your personal information from these social networking sites prior to the nuclear option, should you experience remorse. Plus, it’s a real eye opener to find out exactly how much data you generate and share on social networking platforms.

Facebook

Time to permanent deletion: Once 14 days have passed, your deletion request will be started. This can take upwards of 90 days to complete.

Twitter

Time to permanent deletion: It takes up to 30 days for Twitter to completely delete your account.

Instagram

Time to permanent deletion: Immediately!

Snapchat

Time to permanent deletion: 30 days

Google+

Ha ha ha, ho ho ho, he he he he. This one is mostly for the giggles. Google will abandon this particular endeavor on April 2, 2019. But if you feel the need to delete yourself before then, here’s what to do:

The right time

Security researchers love social media platforms. They’re a vast source of open-source intelligence (OSINT) and help us make attribution possible (provided your adversary has poor OPSEC). However, the reasons we enjoy social media may also be the reasons why regular consumers should take a beat and consider the benefits.

When you’re ready to make a decision, we’ve given you all the necessary links to back up and delete these accounts, as well as some material that may help you decide which ones to keep, and how to properly secure them.

If social media is causing anxiety, stress, or depression; if you’re tired of your data being mined and shared with third parties; if it’s starting to feel more like work to maintain instead of pleasure, then it may be time to shore up defenses and take a break, or even step away for good. And if that time comes, we’re here for you.

The post Should you delete yourself from social media? appeared first on Malwarebytes Labs.

Security Affairs: Facebook dismantled a vast manipulation campaign tied to Iran

Facebook took down hundreds of fake accounts from Iran that were involved in a vast manipulation campaign active in more than 20 countries.

Facebook took down 783 inauthentic accounts, pages and groups from Iran that were involved in a vast manipulation campaign active in more than 20 countries.

“The world’s biggest social network said it removed 783 pages, groups and accounts ‘for engaging in coordinated inauthentic behavior tied to Iran,’” reported the AFP Press.

The pages were part of a campaign to promote Iranian interests in various countries by creating fake identities as residents of those nations, according to a statement by Nathaniel Gleicher, head of cybersecurity policy at Facebook.


Facebook continues its efforts to prevent manipulation of its platform for fraudulent activities.

“We are constantly working to detect and stop this type of activity because we don’t want our services to be used to manipulate people,” Gleicher declared.

“We’re taking down these pages, groups and accounts based on their behavior, not the content they post. In this case, the people behind this activity coordinated with one another and used fake accounts to misrepresent themselves, and that was the basis for our action.”

Threat actors behind the campaign represented themselves as locals and posted news stories on current events. The accounts were used to discuss topics of interest for Iranians, such as Israel-Palestine relations and the conflicts in Syria and Yemen.

“This morning we removed 783 Pages, groups and accounts for engaging in coordinated inauthentic behavior tied to Iran. There were multiple sets of activity, each localized for a specific country or region, including Afghanistan, Albania, Algeria, Bahrain, Egypt, France, Germany, India, Indonesia, Iran, Iraq, Israel, Libya, Mexico, Morocco, Pakistan, Qatar, Saudi Arabia, Serbia, South Africa, Spain, Sudan, Syria, Tunisia, US, and Yemen.” wrote Nathaniel Gleicher.

“The Page administrators and account owners typically represented themselves as locals, often using fake accounts, and posted news stories on current events. This included commentary that repurposed Iranian state media’s reporting on topics like Israel-Palestine relations and the conflicts in Syria and Yemen, including the role of the US, Saudi Arabia, and Russia.”

In some cases, the activity carried out by the fake accounts dates back to 2010.

Facebook pointed out that although threat actors attempted to hide their identities, the manual review of the activities associated with these accounts allowed them to identify the coordinated inauthentic behavior from Iran.

The campaign operated by threat actors as early as 2010 involved 262 pages, 356 accounts, and three groups on Facebook, as well as 162 accounts on Instagram.

According to Facebook, about 2 million accounts followed at least one of the above pages, about 1,600 accounts joined at least one of the groups, and more than 254,000 accounts followed at least one of these Instagram accounts.

The social network giant reported that the operators spent less than $30,000 on ads on Facebook and Instagram, paid for primarily in US dollars, UK pounds, Canadian dollars, and euros.

“We identified some of these accounts through our continued investigation into Iranian coordinated inauthentic behavior we found and removed last year.” concludes Gleicher.

“Our investigation was aided by open source reporting and information provided to us by our industry peers. We have shared information about our investigation with US law enforcement, the US Congress, and policymakers in impacted countries.”

Pierluigi Paganini

(SecurityAffairs – Facebook, manipulation campaign)

The post Facebook dismantled a vast manipulation campaign tied to Iran appeared first on Security Affairs.




Security Affairs: Facebook paid teens $20 to install a Research App that spies on them

Facebook is paying teens $20 a month to use its VPN app, called Facebook Research, that monitors their activity via their mobile devices.

2018 was a terrible year for Facebook, which was in the middle of the Cambridge Analytica privacy scandal. The social network giant was involved in other cases as well; for example, it was forced to remove its Onavo VPN app from Apple’s App Store because it was caught collecting some data through Onavo Protect, the Virtual Private Network (VPN) service that it acquired in 2013.

According to a report presented by Privacy International in December at the 35C3 hacking conference held in Germany, the list of Android apps that send tracking and personal information back to Facebook includes dozens of apps, including Kayak, Yelp, and Shazam.

Now, according to a report published by TechCrunch, Facebook is paying teenagers around $20 a month to use its VPN app that monitors their activity via their mobile devices.


Facebook is accused of using the VPN app to track users’ activities across multiple different apps, especially the use of third-party apps.

“Desperate for data on its competitors, Facebook has been secretly paying people to install a ‘Facebook Research’ VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August,” reads the report published by TechCrunch.

“Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.”

TechCrunch reported that some documentation refers to the Facebook Research program as “Project Atlas,” and added that Facebook confirmed the existence of the app.

The news is disconcerting: despite the privacy cases in which Facebook was involved, the company has been paying users ages 13 to 35 as much as $20 per month plus referral fees for installing Facebook Research on their iOS or Android devices. The company described the ‘Facebook Research’ app as a “paid social media research study.”

Facebook is distributing the app via third-party beta testing services Applause, BetaBound, and uTest that were also running ads on Instagram and Snapchat recruiting participants to install Facebook Research.

Let’s take a closer look at the Facebook Research app. The app requires users to install a custom root enterprise certificate, which allows the social media giant to collect private messages in social media apps, chats from instant messaging apps, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps installed on the users’ devices.

Experts pointed out that in some cases, the Facebook Research app also asked users to take screenshots of their Amazon order histories and send them back to Facebook.

The Applause site gives more information on how the company could use the data:

“By installing the software, you’re giving our client permission to collect data from your phone that will help them understand how you browse the internet, and how you use the features in the apps you’ve installed . . . This means you’re letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps. You are also letting our client collect information about your internet browsing activity (including the websites you visit and data that is exchanged between your device and those websites) and your use of other online services. There are some instances when our client will collect this information even where the app uses encryption, or from within secure browser sessions,” the terms read.

Facebook confirmed that the app was developed for research purposes, in particular to study how people use their mobile devices.

“like many companies, we invite people to participate in research that helps us identify things we can be doing better.” explained Facebook.

“helping Facebook understand how people use their mobile devices, we have provided extensive information about the type of data we collect and how they can participate. We do not share this information with others, and people can stop participating at any time.”

Facebook’s spokesperson claimed that the app doesn’t violate Apple’s Enterprise Certificate program. TechCrunch points out that since Apple requires developers to only use this certificate system for distributing internal corporate apps to their own employees, “recruiting testers and paying them a monthly fee appears to violate the spirit of that rule.”

After the disclosure of the report, Facebook announced that it is planning to shut down the iOS version of the Facebook Research app.

Pierluigi Paganini

(SecurityAffairs – Facebook Research app, Privacy)

The post Facebook paid teens $20 to install a Research App that spies on them appeared first on Security Affairs.




HOTforSecurity: Facebook to Merge WhatsApp, Instagram, Facebook Messenger by 2020

Looking to gain more control over the company’s communication platforms and prevent users from switching to competitors, Facebook CEO Mark Zuckerberg will merge WhatsApp, Instagram and Facebook Messenger, writes The New York Times. The integration is expected to be complete by 2020 and will serve over 2.6 billion users.

“The services will continue to operate as stand-alone apps, but their underlying technical infrastructure will be unified,” the newspaper reported, citing four people involved in the effort, whom it didn’t name.

The merger, part of the tech company’s larger plan to increase revenue and advertising opportunities, raises security and privacy concerns regarding user data and how the cross-platform communication will further handle data sharing.

“This is why there should have been far more scrutiny during Facebook’s acquisitions of Instagram and WhatsApp, which now clearly seem like horizontal mergers that should have triggered antitrust scrutiny,” Representative Ro Khanna, Democrat of California, said on Twitter. “Imagine how different the world would be if Facebook had to compete with Instagram and WhatsApp.”

According to Facebook, the apps will benefit from end-to-end encryption because they want to “build the best messaging experiences we can; and people want messaging to be fast, simple, reliable and private. We’re working on making more of our messaging products end-to-end encrypted and considering ways to make it easier to reach friends and family across networks.”

However, the merger and possible lack of autonomy raise trust issues and internal conflicts, following the departure of WhatsApp and Instagram founders. Inside sources who spoke with The New York Times say the reconfiguration of all three services will be the work of thousands but the company is still figuring out all the details.  




74% of Americans Are Clueless about Facebook’s Data Collection Algorithm, Survey Says

Americans don’t know much about Facebook and how its algorithm works, according to a Pew Research Center survey of 963 US Facebook users. The new study found that 74 percent of Facebook users in the US did not know that Facebook collects their traits and interests to help advertisers target ads. Users were also unaware that they could access this information in account settings.

Facebook doesn’t do this for free but for the hefty profit that comes from playing with big data, a common practice in the industry. Companies, even those that offer their services for free such as social networks, collect tons of online data about user behavior. They use it to improve their business models, increase revenue, improve user experience through personalized content, and sell to third parties.

Asked to give their opinion on how Facebook profiles them, many respondents disagreed with the algorithm’s conclusions. The numbers show that about half (51%) are “not comfortable” with the method used to create personalized lists and 27 percent say they don’t fit the descriptions because they are inaccurate. However, 59 percent do identify with Facebook’s categorization and interest list.

Facebook was also interested in collecting data about political affiliations, propaganda and racial and ethnic “affinities,” with a separate “multicultural affinity” category. A quarter of users showed up in this category, meaning their behavior shows an affinity for multiple racial and ethnic groups.

“37% of Facebook users are both assigned a political affinity and say that affinity describes them well, while 14% are both assigned a category and say it does not represent them accurately,” says the report.

“We want people to understand how our ad settings and controls work,” reads Facebook’s statement to The Verge. “That means better ads for people. While we and the rest of the online ad industry need to do more to educate people on how interest-based advertising works and how we protect people’s information, we welcome conversations about transparency and control.”

Twitter fixed a bug in its Android App that exposed Protected Tweets

A bug in the Twitter app for Android may have exposed tweets, the social media platform revealed on Thursday.

The bug in the Android Twitter app affects the “Protect my Tweets” option in the account’s “Privacy and safety” settings, which restricts viewing of a user’s posts to approved followers.

People who used the Twitter app for Android may have had the protected tweets setting disabled after they made some changes to account settings, for example after a change to the email address associated with the profile.

“We’ve become aware of an issue in Twitter for Android that disabled the “Protect your Tweets” setting if certain account changes were made.” reads the security advisory published by the company.

“You may have been impacted by this issue if you had protected Tweets turned on in your settings, used Twitter for Android, and made certain changes to account settings such as changing the email address associated with your account between November 3, 2014, and January 14, 2019.”

The vulnerability was introduced on November 3, 2014, and was fixed on January 14, 2019. Users of the iOS app or the web version were not impacted.

Twitter has notified impacted users and has turned “Protect your Tweets” back on for them if it was disabled.

“We are providing this broader notice through the Twitter Help Center since we can’t confirm every account that may have been impacted. We encourage you to review your privacy settings to ensure that your ‘Protect your Tweets’ setting reflects your preferences,” continues the advisory.

Twitter recently addressed a similar bug: in December, the researcher Terence Eden discovered that the permissions dialog shown when authorizing certain apps to Twitter could expose direct messages to the third party.

In September 2018, the company announced that an issue in the Twitter Account Activity API had exposed some users’ direct messages (DMs) and protected tweets to the wrong developers.

Twitter is considered one of the most powerful social media platforms; nation-state actors have used it in multiple cases as a vector for disinformation and propaganda.

In December Twitter discovered a possible nation-state attack while it was investigating an information disclosure flaw affecting its platform.

Pierluigi Paganini


The post Twitter fixed a bug in its Android App that exposed Protected Tweets appeared first on Security Affairs.

That Other Moscow: Sketchy LinkedIn Job Posts Mix US, Russian Locales

Bogus LinkedIn job postings for leading US organizations, including the US Army, the State of Florida and defense contractor General Dynamics, are popping up for Russian locales like St. Petersburg and Moscow, the firm Evolver has found. Is it AI-Gone-Wild, or is something more nefarious afoot? Moscow, on the border between Idaho and Washington...


Facebook Accused of Violating Vietnam’s Cyber Law

Vietnam’s controversial cybersecurity law that tightens government control of the online environment just came into effect on Jan. 1 and it’s already claiming its first victim, writes the Financial Times.

On Tuesday, the communist country accused Facebook of not complying with its new law by refusing to immediately delete fan pages with content the government considers defamatory. According to Vietnam’s Authority of Broadcasting and Electronic Information (ABEI), Vietnamese account holders freely published “slanderous content, anti-government sentiment and libel and defamation of individuals, organizations and state agencies.”

The cybersecurity law, passed in June 2018, forms part of Vietnam’s strategy to tighten media control and restrict free speech online.

“This decision has potentially devastating consequences for freedom of expression in Vietnam,” Amnesty International stated at the time. “In the country’s deeply repressive climate, the online space was a relative refuge where people could go to share ideas and opinions with less fear of censure by the authorities.”

Citing a Vietnamese market research report, the government body accuses Facebook of allowing advertising for scams and fake or illegal products. “The Vietnamese report claimed some $235 million was spent on Facebook ads in 2018, with $152.1 million going to Google,” writes TechCrunch.

As a result, Vietnam wants to penalize Facebook by taxing advertising revenue.

“We have a clear process for governments to report illegal content to us, and we review all these requests against our terms of service and local law,” Facebook responded. “We are transparent about the content restrictions we make in accordance with local law in our Transparency Report.”

Vietnamese authorities requested information on suspicious accounts, but Facebook refused to hand over user data, as it would violate community standards.

German Teen Confesses to Data Breach Affecting 1,000 Politicians, Journalists

2019 kicked off with a major security breach in Germany that compromised the personal data of some 1,000 politicians, journalists and celebrities, including Angela Merkel, Green party leader Robert Habeck, TV personality Jan Böhmermann and many others, including rappers and members of the German parliament, writes the BBC. For now, there is no evidence suggesting far-right party AfD members were also targeted.

While authorities initially had no idea who was behind the cyberattack, they brought in a 20-year-old German man for questioning, says The Guardian. At first he denied the accusations but confirmed he knew who was behind the Twitter account that caused the breach: @_0rbit, located in Hamburg, Germany.

In December, the Twitter account @_0rbit published the stolen data online disguised in a daily advent calendar. The compromised data includes telephone numbers, credit card information, photos, addresses, private conversations and contacts, reported BKA – the German federal criminal police. The account, which had over 17,000 followers, has been suspended.

Shortly after interrogation, the man, identified as Jan S., confessed to the attack, which he claims he carried out “alone and out of annoyance at statements made by the public figures he attacked.” On Twitter he also used the account name “G0d.” BKA says so far there is no evidence that a third party was involved.

Interior Minister Seehofer told the BBC at the time that the data was accessed through “wrongful use of log-in information for cloud services, email accounts or social networks.” There is no evidence that government systems were hacked.

German newspaper Bild claims the data compromised is as old as October 2018, possibly even older.

Jan S. was released on Monday “due to a lack of grounds for detention.”

Twitter – Den of Iniquity or Paragon of Virtue… or Someplace in Between?


Recently there's been some coverage of Twitter's propensity for porn. Some research has shown that one in every thousand tweets contains something pornographic. With 8662 tweets purportedly sent every second, that's quite a lot.

Now, this is not something that has escaped our notice here at Smoothwall HQ. We like to help our customers keep the web clean and tidy for their users, and mostly that means free of porn. With Twitter that's particularly difficult. Their filtering isn't easy to enforce and, while we have had some reasonable results with a combination of search term filtering and stripping certain tweets based on content, it's still not optimal. Twitter does not enforce content marking and 140 characters is right on the cusp of being impossible to content filter.

That said - how porn riddled is Twitter? Is there really sex round every corner? Is that little blue bird a pervert? Well, what we've found is: it's all relative.

Twitter is certainly among the more gutter variety of social networks, with Tumblr giving it a decent run for boobs-per-square-inch, but the likes of Facebook are much cleaner — with even images of breastfeeding mothers causing some controversy.

Interestingly, however, our back-of-a-beermat research leads us to believe that about 40 in every 1000 websites are in some way linked to porn — these numbers come from checking a quarter of a million of the most popular sites through Smoothwall's web filter and seeing what gets tagged as porn. Meanwhile, the Huffington Post reports that 30% of all Internet traffic is porn - the biggest number thus far. However, given the tendency of porn toward video, I guess we shouldn't be shocked.

Twitter: hard to filter, relatively porn-rich social network which is only doing its best to mirror the makeup of the Internet at large. As a school network admin, I would have it blocked for sure: Twitter themselves used to suggest a minimum age of 13, though this requirement quietly went away in a recent update to their terms of service.