Posted November 22, 2018
We are packed with security news this week, with a host of subjects to sort through in our discussion. We are talking about a major online retailer that fumbled some of its customers' data just before the year's biggest shopping season, crypto miners that hit some surprising targets, and a founder of the web as we know it who is trying to make the online world a better place.
On The Checklist we constantly talk about data breaches, data leaks, data theft and virtually every possible way someone can lose your information online – so these stories are rarely shocking or surprising. That does not mean they are not interesting, though, and that is the case with our first story for today. If you are an Amazon customer, you may have recently received an email that left you with some questions. Let's look at what that email was, what happened and what it all really means for you.
A Bit Of An Oops From Amazon
Shoppers started receiving emails from Amazon some time on Tuesday and Wednesday, and publications like CNET reported on what Amazon called an "unintentional disclosure" of the names and email addresses of some of the online shopping giant's customers. In the email, Amazon emphasized that only names and emails were revealed and that there was no reason for customers to change their passwords – or to do anything at all, really. Furthermore, CNET reports that the technical problem was all on Amazon's side and that there was no "hack or violation" that caused the information to be deliberately exposed.
So Amazon said "Oops, sorry," but not much else. They did not reveal what went wrong, how many users were emailed, or where someone could have seen their email address. In other words, we know that something happened and that it was apparently minor, but also that Amazon felt it should inform users of the event.
Overall, this looks like a case of Amazon working to build trust between itself and its users when it comes to data management. Since there are currently no clear laws that require immediate notification of users about such issues, Amazon appears to have made the disclosure on its own. So, was anyone threatened by this? In other words, can something bad come from exposing a name and email address? If things happened the way Amazon said they did, then the answer is "no." If no one outside the company got or saw these emails, there's almost no threat. It is simply a matter of responsibility.
What about the fact that Amazon did not reveal the number of affected people – is that important? To a degree, yes. If there were only one or three or even ten email addresses exposed, it's rarely ever a significant problem. If we are talking about tens of thousands of email addresses, or even more, it's a much clearer problem. It would be good to know the real number, but Amazon has decided to keep the real numbers to itself.
Long-term listeners know the importance of good security for user data. But will anyone really hear about this (apart from looking at the email, if they received one) or take action? CNET points out that the timing of the disclosure was unfortunate, given its proximity to Black Friday and Cyber Monday, but that's also the point – everyone is busy with the holiday and the shopping rush that follows. In addition, although this is "a deal", it is not necessarily a "big deal". Could it be a black eye for Amazon? Maybe, but only if something else develops out of this story.
One example: Amazon said that affected users did not have to change their passwords or take other corrective measures. A quick-thinking scam artist could see that and start sending out emails with a "Change Password" link that leads users to a phishing site. While that is not necessarily happening out there, it is one way the bad guys could try to use such a situation to take advantage of those who are less savvy about their security. That's why it's a good idea to always be on your toes!
Make A Wish For Crypto-Coins (or Vice Versa)
Sometimes you have to wonder if the hackers out there are really heartless. The Next Web reported that some villains infected the official website of the Make-A-Wish Foundation with cryptocurrency mining malware. Yes, Make-A-Wish! Is nothing sacred? It's hard not to ponder that question after experts from Trustwave, a security research firm, discovered that the site was infected with a type of malicious software already known to researchers. Called CoinImp, the malware uses malicious code to trick a visitor's computer into giving up processor power in the background. While the user is browsing the site, they are unknowingly mining cryptocurrency for the hackers.
We've talked about this issue a couple of times before on The Checklist, but it's always a bit odd to encounter it – so let's break down how this all works again. How can your day start with just visiting a website and end with cryptocurrency mining malware affecting your computer? There are a few things to unpack here. The main distinction is that the site does not download any malware onto your computer.
So was this a lone wolf just out to make money off Make-A-Wish? In fact, it seems that it was probably part of a much more widespread crypto-mining scheme, and it starts with a completely different problem. As always, the way the hackers got in was through outdated software that had not yet been updated to the latest version. That software would be Drupal, a content management system that allows people to create and maintain complex websites. Make-A-Wish, like many other sites, had not updated. It is likely that they were targeted by hackers linked to a much larger attack that occurred earlier this year, where more than 100,000 Drupal-based sites were attacked by malicious software.
In the end, 400+ major websites, including those for UCLA, Lenovo, D-Link, and even the Workers' Union, all had cryptominers injected into their web code. Hackers even hit routers in Brazil and India, using the total processing power of 300,000 machines to generate mountains of cryptocurrency. Unfortunately, none of this is news. According to McAfee Labs, well over 2.5 million cryptocurrency hijacking scripts were detected in Q2 of 2018 alone – the problem is now widespread.
So, if it all happens in the background and you cannot see it, why does it matter? You cannot see it, but you will definitely experience its effects: these cryptominers are rarely configured to use only part of the CPU's power, and instead aim to maintain maximum output for as long as possible. Since there is no telling when the user will leave the site, there's no reason to eke out small pieces of currency when you can shoot for the moon instead.
Not only will your computer run extremely slowly, but over time it will also use more power. Want to make sure Safari is not mining cryptocurrency? Check Activity Monitor and see whether Safari is using a ton of CPU. It's not a guaranteed way to know that there's a miner – there are other reasons that Safari can use a lot of CPU, after all – but it's a good red flag to know.
Since we've covered this topic before, we have an excellent resource for you to consult for more information: Checklist 79, Cryptocurrency and You. In that episode, we discussed how the best way to protect yourself from miners is to keep your security software up to date (always a good idea) and to run a good ad blocker. That's just the short version of the show, so we encourage you to check it out if you missed it or need a quick refresher.
Tim Berners-Lee will save the day
Who invented the Internet? Well, we know there is some debate on this topic, but if you rephrase the question as "Who invented the World Wide Web?" then you have a clear answer: Tim Berners-Lee. Sometimes called the father of the modern Internet, Berners-Lee is responsible for the basic architecture that allowed the Internet as we know it today to grow and flourish. Of course, the Internet as we know it is not exactly the utopia many had imagined decades ago. Rife with malicious software, divisive content and big money, the Internet, as we all know, has some issues. So does Tim Berners-Lee – and he's back because he wants to find a way to do things better.
CNET reports that Berners-Lee has founded a company and started developing an open source project that aims to empower the average user to take control of their personal information on the Internet. His company, Inrupt, and the Solid project would take our data out of Google's and Facebook's giant data centers and place it in your hands, to provide only to those you choose.
Here's the idea: Solid gives users a "pod" that lets you store and manage a wealth of personal information. When businesses want some of the information in your pod – like your email, date of birth or address – they'll only get it if you give them permission. Otherwise, they cannot access it or even see it at all. This would of course mean a fundamental change in the way we do business and virtually anything else online. Creating such a change will be a big challenge, especially because it is not only average users who must be convinced – businesses must be too.
The good news is that recent trends have shown a growing shift towards more proactive privacy, with more people installing tracker-blocking privacy extensions in web browsers, and with Europe's GDPR, the General Data Protection Regulation, which has forced companies worldwide to start offering more data management options to their customers. If you do not remember the introduction of the GDPR, do not worry; we covered it for you in Episode 90 – WHOIS GDPR, where we went over everything you need to know about it.
Will this work? That's a good question – it will be a long, hard road to make it happen, as excellent an idea as it is. Businesses will be the biggest sticking point for success, and it's hard to see how it would work. Since the service must be voluntary, it only takes one big company that refuses to sign up for the program, such as Google or Facebook, to create major issues. Still, for Berners-Lee, the problem is a personal one; ever since his invention of the WWW in 1989, he has been an active advocate for making the Internet a better place.
Alongside Solid, Berners-Lee is also working on developing a "web contract" policy to guide the growth and development of a free and open Internet that also balances the need for privacy, courtesy and more. Work on developing the contract is ongoing, and Berners-Lee invites the public to contribute their thoughts; the Internet is created by people, says Berners-Lee, and people can control the way the Internet grows.
With that inspiring thought, we bring this week's discussion to a close.
Don't forget that we have an easy way for you to check out the other episodes we mentioned in today's show – and you do not even have to go anywhere. Here in the Checklist archive you will find complete show notes and easily accessible recordings of each episode, extending back to our very first show. That includes Episode 79 – Cryptocurrency and You, which we mentioned in today's discussion, along with another episode worth listening to at this time of year. That would be Episode 12 – Five Tips for Safe Holiday Shopping. While there is plenty of common sense involved in staying safe during this online shopping season, it never hurts to be informed of the potential risks and what you can do to make sure you have a happy holiday.