Pete Recommends – Weekly highlights on cyber security issues June 10 2018

Subject: Cell Phone-Account Fraud
Source: Consumer Reports
https://www.consumerreports.org/scams-fraud/cell-phone-account-fraud/

Consumers have a new privacy threat to worry about. It’s known as cell-phone account fraud, where crooks open up a phony cell-phone account in your name and use it to access your bank account, sign up for credit cards, or sell the phone number for other criminals to use. While little known among consumers, cell-phone account fraud can have a devastating impact on your finances—and your reputation.

Unlike other types of fraud, there are fewer consumer protections. It’s also harder to detect, so it can go unnoticed for months. By then, your bank account may be drained, credit card companies may be after you for unpaid bills, and the police may be investigating you for crimes committed in your name.

The biggest step you can take is to put a freeze on the credit information that is used to open a cell-phone account. This information doesn’t come from the big credit rating agencies like Equifax but from little known companies such as the National Consumer Telecommunications and Utilities Exchange (NCTUE), a credit reporting agency fed by data supplied by phone, pay-TV companies, and utility service providers.

“You have a new and quickly growing form of crime, the objectives of which go well beyond financial loss,” says McAndrew. “In many ways we’re seeing the weaponization of digital technology—infrastructure, platforms, devices, and data. And this type of fraud is an illustration of that.”


Subject: MyHeritage data breach exposes 92 million accounts
Source: Business Insider
http://www.businessinsider.com/myheritage-data-breach-exposes-92-million-accounts-2018-6

  • A security researcher informed DNA testing and genealogy website MyHeritage that a file with 92 million user email addresses and scrambled passwords were found on a server outside of the company.
  • MyHeritage does not believe the information was actually used by the perpetrators.
  • Credit card information, family trees, and DNA data were not part of the breach, the company says.

MyHeritage said that the hashing is “one-way,” meaning that it is almost impossible to turn the hashed password back into the original. And each hash key, which could be used to revert the hashed passwords back, differs for each user.

The Israeli-based MyHeritage lets people send in swabs of DNA to uncover their ethnic origins and family history.

More sensitive information, such as credit card information, family trees, and DNA data, are stored in a different place than email addresses and passwords, and MyHeritage believes that information was never compromised.


Subject: U.S. officials warn Congress on risks of drones, seek new powers
Source: Reuters via Yahoo! News
https://www.yahoo.com/tech/u-officials-warn-congress-risks-drones-seek-powers-101142762.html

By David Shepardson WASHINGTON (Reuters) – The U.S. Department of Homeland Security (DHS) on Wednesday will urge Congress to approve legislation giving the federal government new powers to disable or destroy threatening drones, according to testimony viewed by Reuters. David Glawe, DHS’s undersecretary for intelligence and analysis, and the department’s deputy general counsel Hayley Chang, will tell the Senate committee that oversees the department that it needs new authority. “Terrorist groups overseas use drones to conduct attacks on the battlefield and continue to plot to use them in terrorist attacks elsewhere.


Subject: 4 tech accessories to keep your computer safe when working in public
Source: Insider Picks via Business Insider
http://www.businessinsider.com/computer-safety-security-tech-accessories-vpn-2018-6

  • Having your data stolen can be disastrous, and it’s a lot more likely to happen when you’re using your tech in public.
  • Whether someone is looking over your shoulder, or trying to connect to your computer through its webcam or an open Wi-Fi network, you want to be protected.
  • I have a few affordable product recommendations to help prevent theft and data loss without radically changing the way you use your tech.
  • Although neither is perfect, you should also remember to use strong passwords and enable two-factor authentication when possible.

Hacks and security breaches have become so rampant recently that we all have to start thinking about the security of our digital data and online privacy.
Part of that is picking what information you feel comfortable sharing and figuring out the best way to share it, but you may also want to take a few extra preventative measures to keep people from snooping on your stuff. Firewalls and preinstalled security software set up by your employer can keep you safe at work, and having a router with strong security features can keep you protected at home, but what about when you’re out in public?

If you prefer working from a cafe instead of a cramped apartment, or are forced to work from planes and hotel lobbies because of your job, the four accessories below can help keep your work a little safer. Though not perfect, having strong passwords and enabling features like two-factor authentication are also smart choices.


Subject: U.S. agency loses appeal over alleged LabMD data security lapses
Source: Reuters via Yahoo! News
https://www.yahoo.com/tech/u-agency-loses-appeal-over-alleged-labmd-data-021153905.html

By Diane Bartz WASHINGTON (Reuters) – The U.S. consumer protection agency on Wednesday lost an appeals court fight with now-defunct cancer testing company LabMD over accusations that the firm’s data security was inadequate and allowed the exposure of sensitive patient information. The Federal Trade Commission (FTC) sued LabMD in 2013, claiming that poor security practices in 2008 had allowed medical and other sensitive information about 9,300 consumers to be exposed on peer-to-peer network LimeWire, often used for downloading music. It asked the U.S. Court of Appeals for the 11th Circuit to vacate the FTC order, and the court agreed to do so.


Subject: Connected cars can lie, posing a new threat to smart cities
Source: The Conversation
https://theconversation.com/connected-cars-can-lie-posing-a-new-threat-to-smart-cities-95339

The day when cars can talk to each other – and to traffic lights, stop signs, guardrails and even pavement markings – is rapidly approaching. Driven by the promise of reducing traffic congestion and avoiding crashes, these systems are already rolling out on roads around the U.S.

For instance, the Intelligent Traffic Signal System, developed with support from the U.S. Department of Transportation, has been tested on public roads in Arizona and California and is being installed more widely in New York City and Tampa, Florida. It allows vehicles to share their real-time location and speed with traffic lights, which can be used to effectively optimize the traffic timing in coordination with the real-time traffic demand to dramatically reduce vehicle waiting time in an intersection.

Our work, from the RobustNet Research Group and the Michigan Traffic Laboratory at the University of Michigan, focuses on making sure these next-generation transportation systems are secure and protected from attacks. So far we’ve found they are in fact relatively easy to trick. Just one car that’s transmitting fake data can cause enormous traffic jams, and several attack cars could work together to shut down whole areas. What’s particularly concerning is that our research has found the weakness is not in the underlying communication technology, but in the algorithms actually used to manage the traffic flow.


Subject: Not voting could jeopardize future votes in some US states
Source: The Republic
http://www.therepublic.com/2018/06/08/us-supreme-court-ohio-voter-rolls/

CINCINNATI — Do you have to vote even if you don’t want to? Not doing so could put you on the path to losing your vote in some states.

The U.S. Supreme Court is expected to rule soon on a lawsuit filed against Ohio’s secretary of state over the practice of flagging registered voters after they’ve missed one federal general election. They get a mailed notification asking them to confirm their address. If they don’t respond and don’t vote in the next two general elections, they could be purged from voter rolls.

WHY SHOULD I CARE IF I DON’T LIVE IN OHIO?

Attorneys told the high court that at least six other states — Georgia, Montana, Oklahoma, Oregon, Pennsylvania and West Virginia — have similar practices. A ruling upholding Ohio’s practices could lead to more states adopting similar procedures.


Subject: Google’s Search-Ranking Manipulation Is Affecting Elections
Source: Good — A magazine for the global citizen via beSpacific
https://www.bespacific.com/googles-search-ranking-manipulation-is-affecting-elections/

GOOD: “As the 2018 midterm elections approach in the U.S., Google’s power to influence undecided voters remains overshadowed by Facebook’s personal data crisis. Facebook has “taken it on the chin” for its role in the 2016 presidential election, and organizations like the political consulting firm Cambridge Analytica and the Russian troll farm known as the Internet Research Agency have dominated headlines…

[from the article: The most important aspect of this effect, however, is that most people can’t detect the partisan ranking bias — and it’s virtually impossible to defend yourself from influences you can’t perceive. Fortunately, in three follow-up experiments, involving 3,600 participants, we demonstrated that alerting people to partisan ranking bias can help suppress the effect — though only laws or regulations actually preventing partisan ranking could eliminate the effect entirely.]


Subject: Can VPNs Really Be Trusted?
Source: Tripwire via beSpacific
https://www.bespacific.com/can-vpns-really-be-trusted/

Tripwire: “With hacking attacks, government surveillance and censorship constantly in the headlines, more and more people are looking for ways to increase their privacy online. One of the simplest and most popular solutions is to use a virtual private network. With a VPN, all your internet traffic is encrypted and tunneled through a third-party server, so it can’t be traced back to you. While this can be very effective, it must be noted that the main objective of a VPN provider – like any other company – is to make a profit. Although concern for the principle of web privacy may come into play, no one would be so naive as to assume that a VPN is in it for purely altruistic purposes. With this in mind, it’s worth asking: why should users place their trust in VPN providers?..”

NB tripwire blog:
https://www.tripwire.com/state-of-security/

I could not find a relevant RSS [RRS, sic] feed though there is an indication that such exists – that ‘tripped’ me up /pmw1]


Posted in: Cybercrime, Cybersecurity, Privacy