Stop Badware

https://www.stopbadware.org/

The site claims that “Our work protects people and organizations from becoming victims of viruses, spyware, scareware, and other badware”. That sounds useful.

The StopBadware project started at Harvard University and was turned into an independent nonprofit organization in 2010.

What is Badware?

Badware is software that overrides a user’s choice about how his or her computer or network connection will be used.

Some badware is specifically designed for criminal, political, and/or mischievous purposes.

These purposes might include:

  • stealing bank account numbers, passwords, company secrets, or other confidential information
  • tricking the user into buying something that they don’t need
  • sending junk email (spam)
  • sending premium text messages from a mobile device
  • attacking other computers to prevent them functioning properly
  • distributing badware to other computers

Badware is sometimes referred to as malware. It includes viruses, Trojans, rootkits, botnets, spyware, scareware, and more.

The StopBadware programme:

  • provides Internet users with important and timely information about badware
  • helps website owners, particularly individuals and small businesses, protect their sites from badware; offers resources and community support to owners of compromised sites
  • engages web hosts and other key service providers to help them effectively and transparently address badware websites within their zones of control
  • encourages companies to proactively share data and knowledge with one another; leads collaborative information-sharing efforts that create greater security for all stakeholders
  • conducts high-impact research on malicious websites, cybersecurity econometrics, and critical infrastructure, to name just a few

Some badware may not have malicious intentions, but still takes away the user’s control.

For example, a browser toolbar might help you shop online more effectively but not mention that it will send a list of everything you buy online to the company that provides the toolbar. In this case, you are unable to make an informed decision about whether to install or use this software.

Another example is when you install a piece of software, and that software installs additional software that you weren’t expecting. This can be especially troubling if the additional software does something you dislike or doesn’t uninstall when you remove the original software.

STOP BADWARE!


Does Facebook Listen to Your Conversation

People have wondered for some time how Facebook works out what adverts to serve up to which people, and sometimes an advert that’s a little too accurate may turn up. That sets people wondering whether Facebook listens in on their phone conversations, and there’s anecdotal evidence that seems to make the point.

At recent congressional hearings, when Senator Gary Peters asked Mark Zuckerberg (head of Facebook) if Facebook listens to users through their cell phone microphones in order to collect information with which to serve them adverts, Zuckerberg said “No.”

How Facebook Collects Information

The Facebook APP does request microphone permissions for any videos you post, as well as to identify music or TV shows when you use the “Listening to” status feature, but does not listen to your conversation.

It starts with your Facebook profile plus everything you post on Facebook. Facebook tracks you through Like buttons on other web pages. This is even true for people without a Facebook account.

It also:-

  • Uses data from its other APPS – Instagram and WhatsApp
  • Tracks data from APPS within Facebook e.g. quizzes
  • Tracks when you use your Facebook login to access other websites
  • Maintains shadow profiles on people who don’t use Facebook.
  • Records unique phone identifiers through in-app advertising to associate your identity across the different devices you use.
  • Tracks your location constantly
  • Tracks your purchases

If you have ever been surprised by a Facebook advert for a product popping up right after you were talking out loud about it, it may be that Facebook has learned too much about you but it won’t be from your conversations.

Most people dislike adverts but understand that advertising funds the websites, services and APPS, so is a necessary ‘evil’. Some prefer adverts that are relevant whereas others find that creepy or intrusive.

However, most do accept that targeted advertising is likely to become more prevalent and more accepted.

Facebook don’t listen to your conversations, but they can collect so much information about us that it may seem that adverts can sometimes be too accurately targeted at you.


UK Cyber Attacks in 2017

The National Cyber Security Centre (NCSC) has reported on 2017 and here are some key points from the report.

“It was a year of ransomware attacks, data breaches and online fraud.”

The WannaCry ransomware attack in May spread rapidly and randomly. 300,000 devices were infected across 150 countries, affecting services worldwide, including the NHS. The attack demonstrated the real-world harm that can result from cyber attacks, particularly when they are designed to self-replicate and spread.

The enormous scale of the 2013 Yahoo breach, the 2016 Uber breach and the 2017 Equifax breach came to light, demonstrating that data is a valuable target for cyber adversaries. It is clear that even if an organisation has excellent cyber security, there can be no guarantee that the same standards are applied by contractors and third party suppliers in the supply chain. Attackers will target the most vulnerable part of a supply chain to reach their intended victim.

Between October 2016 and the end of 2017, the NCSC recorded 34 significant cyber attacks. 762 less serious incidents were also recorded. With interest in cryptocurrency still strong, cryptojacking – where an individual’s computer processing power is used to mine cryptocurrency without the user’s consent – will likely become a regular source of revenue for website owners. Increased use of cloud technology to store sensitive information will continue to tempt cyber attackers, which could result in UK citizens’ information being breached.

Distributed Denial of Service (DDoS) attacks – where hackers threaten to conduct DDoS attacks unless a ransom is paid – have increased since mid-2017 when a South Korean web hosting company paid a ransom fee in Bitcoin equivalent to US$ 1 million. In late 2017.

The reported number and scale of data breaches continued to increase in 2017, with Yahoo finally admitting in October that all of its 3 billion customers had been affected by the 2013 breach.

Groups assessed to have links to state actors were likely responsible for some of the larger breaches.

Examples of data breaches included:

  • Equifax, where the personally identifiable information of 145 million US users and almost 700,000 UK users was compromised.
  • Verizon’s data on 14 million customers stored in the cloud, and controlled by a third party company, was exposed to anyone who could guess the web address.
  • Uber was forced to reveal that it deliberately covered up a year-old breach by paying the hackers US$ 100,000 to destroy the data they had stolen. The data of 57 million accounts, which had not been encrypted, was exposed.
  • An aggregated database of data, collated from multiple breaches, was discovered by security company 4iQ in December 2017. This contained 1.4 billion credentials in clear text, including unencrypted and valid passwords.

Analysis indicated a large number of incidents were caused by third party suppliers failing to secure data properly.

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.


The Account Approved Phishing Scam

You receive an email from Customer Service that says “Your Account Has Been Approved”.

Sounds good.

Hang on a minute – an account at which business?

The email doesn’t specify – there is no business name.

There is loads of stuff about IDs and passwords and congratulations etc. and the link they want you to click seems to be to www.account-uk.ga/UK/account

The suffix .ga means the website is registered in Gabon, West Africa.

The lack of a business name and the registration in West Africa point to the email being a scam. Plus the simple fact that I haven’t applied for any new accounts and hence cannot have been approved for an account I actually want, makes this abundantly clear.

The temptation with these emails is to click to find out what the account is – but don’t be tempted – it’s just a simple phishing scam whereby the website link takes you to a page that asks for more personal information. Plus, clicking the link will mark you as a gullible person suitable to be targeted for future scams.

These emails often name a well-known bank or other financial organization, large retailer, APPLE, Microsoft etc.

All scams.

Do not click the link.
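
The checks applied by eye above (a generic sender, no business named, a link under an unexpected country suffix) can be run over the raw message text without ever opening the link. This is an added example, not part of the original post; the sample email, its sender address, the generic-name list, the expected-suffix set and the account names passed in are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the email described in the post; headers and wording are invented.
SAMPLE = """\
From: Customer Service <noreply@example.invalid>
Subject: Your Account Has Been Approved

Congratulations! Your ID and password are ready.
Confirm here: http://www.account-uk.ga/UK/account
"""

# Assumptions: tune both sets to the mailbox being triaged.
GENERIC_SENDERS = {"customer service", "support", "admin", "accounts team"}
EXPECTED_TLDS = {"uk", "com", "org", "net"}
URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"']+""", re.I)

def link_hosts(text):
    """Return the hostname of every link in the text, without fetching anything."""
    hosts = []
    for raw in URL_RE.findall(text):
        url = raw if "://" in raw else "http://" + raw
        host = urlparse(url.rstrip(".,)")).hostname
        if host:
            hosts.append(host.lower())
    return hosts

def triage(raw_email, known_accounts):
    """known_accounts: names of businesses the recipient really has accounts with."""
    msg = message_from_string(raw_email)
    display, _addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    findings = []
    if display.strip().lower() in GENERIC_SENDERS:
        findings.append("generic sender name")
    if not any(name.lower() in text for name in known_accounts):
        findings.append("no business named")
    for host in link_hosts(body):
        tld = host.rsplit(".", 1)[-1]
        if tld not in EXPECTED_TLDS:
            findings.append(f"unexpected TLD .{tld} in link to {host}")
    return findings
```

Calling `triage(SAMPLE, ["Example Bank", "Example Shop"])` returns all three findings for the sample message.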
