Pete Recommends – Weekly highlights on cyber security issues, November 22, 2020

Subject: What is doxxing? How to protect yourself from it
Source: Business Insider
https://www.businessinsider.com/what-is-doxxing

  • Doxxing is a form of online harassment where a user targets a specific person or group, finds personal information, and publishes it.
  • Personal information could include someone’s home address, email address, phone number, real name, place of employment, family members, or photographs.
  • Doxxing is done with malicious intent, usually targeting a celebrity, social media influencer, journalist, politician, or anyone the doxxer is seeking revenge on.

Personal information can include, but is not limited to: phone numbers, email addresses, family members, spouses, real names, employers, or personal photographs. Most of the time, doxxing is a form of malicious harassment or revenge on celebrities, journalists, social media influencers, politicians, or just about anyone the doxxer has a grudge with.

Technically, doxxing is not illegal as long as the information is of public record. Doxxers use the internet to find public information about a target and compile it with the intent of “exposing” someone or just for pure retaliation. However, if doxxing leads to death threats or threats of physical violence on the target’s self or property, it can be illegal depending on where you live.

Frequently change your passwords to your accounts. If you have a domain name, consider hiding your registration information from the WHOIS database. Finally, with the rise of doxxing, the U.S. Department of Homeland Security released a guide on how to protect yourself online.

[via the DHS PDF which is linked …]

FOR MORE INFORMATION:

>The Office of the Chief Security Officer also has a Social Media Safety page with a helpful booklet and many other resources.
>FBI’s Public Service Announcement on doxxing.
>US-CERT cyber tip sheets.
>FTC video on Sharing Information: A Day in Your Life and FTC tips on protecting personal information.
>DHS’s Stop. Think. Connect.™

Related coverage from Tech Reference:


Subject: How to wipe a computer if you want to sell it or give it a fresh start
Source: Business Insider
https://www.businessinsider.com/how-to-wipe-computer
  • You can wipe a computer’s hard drive and return it to its factory conditions with just a few clicks.
  • If you are not keeping the PC, you should be sure it’s impossible to recover any old data from the solid-state drive by encrypting the data.
  • When you reset your PC, be sure to choose the option to remove everything.

Subject: Your Computer Isn’t Yours
Source: Jeffrey Paul BLOG
https://sneak.berlin/20201112/your-computer-isnt-yours/ [thx, Sabrina … ]

It’s here. It happened. Did you notice? I’m speaking, of course, of the world that Richard Stallman predicted in 1997. The one Cory Doctorow also warned us about. On modern versions of macOS, you simply can’t power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored.

It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didn’t realize this, because it’s silent and invisible and it fails instantly and gracefully when you’re offline, but today the server got really slow and it didn’t hit the fail-fast code path, and everyone’s apps failed to open if they were connected to the internet.

Because it does this using the internet, the server sees your IP, of course, and knows what time the request came in. An IP address allows for coarse, city-level and ISP-level geolocation, and allows for a table that has the following headings:

Date, Time, Computer,
ISP, City, State, Application Hash

...

See Also

Probably Unrelated: In other news, Apple has quietly backdoored the end-to-end cryptography of iMessage. Presently, modern iOS will prompt you for your Apple ID during setup, and will automatically enable iCloud and iCloud Backup. …

RSS https://sneak.berlin/feed.xml


Subject: The Best VPN Service Providers Of 2020
Source: GreyCoder
https://greycoder.com/best-vpn-service-providers/

There are now over a hundred VPN providers located across the world. To create this list VPN, I test customer service, the reliability of their network, and commitment to privacy. I also research actual customer feedback posted in online forums.These providers offer fast servers around the world, reliable apps, and a dedication to privacy:

more VPN-related posts:
https://greycoder.com/category/privacy-friendly/vpns/

and its RSS feed:
https://greycoder.com/category/privacy-friendly/vpns/feed/

Articles from beSpacific:
https://www.google.com/search?q=site%3Abespacific.com+vpn


Subject: #Protect2020 Rumor vs. Reality
Source: CISA via beSpacific
https://www.bespacific.com/protect2020-rumor-vs-reality/

Chris Krebs, the DHS Director of Cybersecurity and Infrastructure Security Agency, was fired by President Trump on November 17, 2020. His agency’s website, “RumorControl – Mis- and Disinformation can undermine public confidence in the electoral process, as well as in our democracy,” is still online but may not continue. “This webpage is for people with questions about the security of their vote and preemptively debunks potential areas for disinformation. You can learn more about mis- and disinformation from CISA’s Countering Foreign Influence Task Force.” Click on the Post Election icon to learn more about the Facts vs the Lies respective to numerous issues that include dead people casting ballots and variations in vote totals for different contests on the same ballot.CISA Taxonomy Topics


Subject: White House issues guidance for federal agencies on AI applications
Source: ZDNet
https://www.bespacific.com/white-house-issues-guidance-for-federal-agencies-on-ai-applications/

ZDNet – “US federal agencies have now been issued a guidance by the White House on how to regulate artificial intelligence (AI) applications that are produced in the US. “This memorandum sets out policy considerations that should guide, to the extent permitted by law, regulatory and non-regulatory approaches to AI applications developed and deployed outside of the federal government,” stated Russell Vought, director of the Office of Management and Budget (OMB) in the memo [PDF] for all the heads of executive departments and agencies, including independent regulatory agencies. The OMB guidance comes 21 months after President Donald Trump signed an executive order to fast-track the development and regulation of AI in the US. President Trump at the time touted the executive order would see the launch of the American AI initiative, which would place US resources towards ensuring that AI technology is made locally. According to the guidance, the idea is to ensure that agencies do not introduce regulations and rules that “hamper AI innovation and growth”…”beSpacific Subjects: AI, Government Documents, Knowledge Management, Legal Research

ZDNet
Topic: Security

RSS https://www.zdnet.com/topic/security/rss.xml


Subject: COVID cyberattacks will boom in 2021: Experts explain how to prepare
Source:  Business Insider
https://www.businessinsider.com/covid-cyberattacks-2021-how-to-prepare-kaspersky-experts-2020-11

  • The ongoing COVID-19 pandemic will continue to pose unique threats and vulnerabilities for businesses fending off cyberattacks in the coming year, Kaspersky cybersecurity analysts predict.
  • Cybercriminals have already started using sophisticated tactics to exploit fear surrounding the pandemic, including fake contact tracing apps that steal people’s information.
  • Others have capitalized on the high-stakes nature of COVID-19 treatment, targeting vaccine research centers and overburdened hospitals for profit.
  • The rise in remote work also grants cybercriminals more opportunities to hack into companies by targeting tools like VPNs used on employees’ devices.
  • Kaspersky researchers Ariel Jungheit, David Emm, and Costin Raiu answered questions from Business Insider about their predictions for the coming year and how businesses can prepare.

With the rise of remote work, cybercriminals are devising new ways to crack into companies’ systems by targeting employees logging in from home, the researchers said.

One tactic that’s expected to grow in 2021 is social engineering schemes that aim to compromise cloud computing platforms or corporate VPNs used by remote workers. Those schemes often incorporate “voice phishing,” wherein attackers call victims and pose as technical support with Microsoft Teams, Slack, or a VPN company in order to direct users to log onto a phony site that steals their login credentials.

Posted in: AI, Cybercrime, Cybersecurity, Government Resources, Healthcare, Privacy, Social Media