Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


FTC warns Christmas buyers that smart toys are a security risk

Thinking of giving a young person an internet-connected ‘smart’ toy this Christmas? You may want to think again.


Targeting Military Veterans: 5 Ways Cybercriminals Are Scamming Them

They trained, they served, they protected us. Now, they’re being targeted by cybercriminals who prey on their loyalty to their country, and it makes you sick. An AARP study found that U.S. military veterans are twice as likely as non-veterans to lose money to fraud. In that research, nearly 8 out of 10 veterans surveyed reported being targeted by scams related to their service. Some of the top cybercrime…


FTC Provides Tips on Safeguarding Data Before Upgrading Mobile Phones

Original release date: November 19, 2019

The Federal Trade Commission (FTC) has released an article with tips on how to protect personal information before trading in a mobile phone for a newer model. FTC recommends the following four steps to safeguard these devices:

  • Back up data.
  • Remove SIM and SD cards.
  • Erase personal information.
  • Verify deletion of personal information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the FTC article for additional resources on how to perform each of the suggested steps and see CISA’s Tip on Proper Disposal of Electronic Devices for more information.


Dark Web Site Taken Down without Breaking Encryption

The US Department of Justice unraveled a dark web child-porn website, leading to the arrest of 337 people in at least 18 countries. This was all accomplished not through any backdoors in communications systems, but by analyzing the bitcoin transactions and following the money:


Obfuscation as a Privacy Tool

This essay discusses the futility of opting out of surveillance, and suggests data obfuscation as an alternative. We can apply obfuscation in our own lives by using practices and technologies that make use of it, including:

  • The secure browser Tor, which (among other anti-surveillance technologies) muddles our Internet activity with that of other Tor users, concealing our trail in that of many others.
  • The browser plugins TrackMeNot and AdNauseam, which explore obfuscation techniques by issuing many fake search requests and loading and clicking every ad, respectively.
  • The browser extension Go Rando, which randomly chooses your emotional “reactions” on Facebook, interfering with their emotional profiling and analysis.
  • Playful experiments like Adam Harvey’s “HyperFace” project, finding patterns on textiles that fool facial recognition systems — not by hiding your face, but by creating the illusion of many faces.

I am generally skeptical about obfuscation tools. I think of this basically as a signal-to-noise problem, and that adding random noise doesn’t do much to obfuscate the signal. But against broad systems of financially motivated corporate surveillance, it might be enough.


Details of an Airbnb Fraud

This is a fascinating article about a bait-and-switch Airbnb fraud. The article focuses on one particular group of scammers and how they operate, using the fact that Airbnb as a company doesn’t do much to combat fraud on its platform. But I am more interested in how the fraudsters essentially hacked the complex socio-technical system that is Airbnb.


Reminder: Malware Can Exploit Improper Configurations

Original release date: November 15, 2019

Protect yourself from unwanted—and potentially harmful—files or programs by adhering to vendor-recommended configurations for hardware and software. Doing so, in addition to maintaining regular patch maintenance, will help give your systems and networks the best security possible.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following tips and guidance:


 


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
