San Diego, CA, May 15, 2012, Cameron Camp

Millions have not reviewed Facebook privacy settings: Here’s how

Here are two staggering Facebook privacy statistics: Nearly 13 million US Facebook users have never set, or don’t know about, Facebook’s privacy tools, and only 37 percent have used Facebook's privacy tools to customize how much information is shared with third parties. That's according to a Consumer Reports survey released earlier this month. Given that there are now over 900 million Facebook users, more than the population of most countries, and given the broad sharing that is Facebook's default privacy setting, those stats strongly suggest a lot of people have some online privacy catching up to do. A few months ago we highlighted Facebook security settings and how to enable various protections.

San Diego, CA, May 12, 2012, Stephen Cobb

11 Tips for protecting your data when you travel

When we relayed the FBI/IC3 warning to travelers about a threat involving hotel Internet service overseas last week, it produced a lot of requests for advice on how to respond to the threat. So a few of us researchers at ESET came up with a list of data security tips for travelers. These tips will help you keep your data safe while travelling in general, and defeat this particular threat (IC3 says a pop-up appears as you are signing in to the hotel Internet and asks you to perform a software update which is actually a malware infection). Below the list are some additional strategies and one example of what not to do with your laptop and your car, wherever you happen to be driving.

San Diego, CA, May 9, 2012, Stephen Cobb

Foreign Travel Malware Threat Alert: Watch out for hotel Internet connections

We received a worrying notice today from the Internet Crime Complaint Center (IC3), which is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). The headline reads: "Malware Installed on Travelers' Laptops Through Software Updates on Hotel Internet Connections." We felt that the warning which followed the headline was serious enough to relay it promptly to our readers in its entirety:

Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while establishing an Internet connection in their hotel rooms.

Recently, there have been instances of travelers' laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely-used software product.

San Diego, CA, May 1, 2012, David Harley

Facebook Memes: not always innocuous

A few months ago I wrote a fairly short comment piece for Virus Bulletin on how some popular posts to Facebook that invite you to make use of your personal data might be useful to scammers and others as part of some sort of data aggregation attack. An example I included was a popular posting featuring a simple code whereby the poster, usually female, posts that ‘I’m [n] weeks in and craving [some kind of candy]’, where [n] represents the month as drawn from a list like this:

January - x weeks
February - y weeks
(and so on: the number isn't a simple n+1 increment, by the way)

There is another type of list on which different types of food, especially candy, represent different days of the month.

1 – Snickers
2 – Oreos
3 – M&Ms
(and so on up to 31)

(Note that these lists have been modified from lists that I've actually seen, not just copied.

San Diego, CA, April 30, 2012, Cameron Camp

Could your next new car be hacked (should you be scared)?

A rush of new data technology ushering its way into the next generation of cars – ranging from vehicles which semi-autonomously drive themselves, to realtime data streaming onto heads-up displays – begs the question: will they be safe from cyber shenanigans, or will you have to deploy security software on your next (probably hybrid) car?

At Black Hat last year, I watched a demo of hacking a car using wireless, where they were able to unlock its doors and start it up. The team that did the demo disclosed the situation to the car manufacturer, with the hope they could put protections in place to stop those with less-than-noble intentions (and free time) from trying the same. But what if the hack team decided to go to the “Dark Side” and started unlocking cars and driving them off to chop shops?

Traditionally, cars have had rudimentary computing systems, implemented to carry out fixed tasks like measuring fuel for injection, making your transmission shift more smoothly under gentle acceleration or improving gas mileage – things like that.

But with some manufacturers hoping to roll out location-aware browser-based or embedded information systems, can scams be far behind? Browser-based exploits have a long and illustrated history on more traditional platforms.

San Diego, CA, April 28, 2012, Stephen Cobb

Privacy and Security in the Consumer Cloud: The not so fine print

The consumer cloud expanded again this week with the addition of Google Drive to more familiar brands like Dropbox, Microsoft SkyDrive, Apple iCloud, and Amazon Cloud Drive. Unfortunately, most of these cloud-based file storage services come with privacy and security caveats, often involving language such as "You give us the right to access, retain, use and disclose your account information and Your Files…" and "We do not guarantee that Your Files will not be subject to misappropriation, loss or damage and we will not be liable if they are…"

Why cloud?

Before I explain why it is now more important than ever to read the "Terms of Service" and "Privacy Policy" that apply to any online services you may want to use, let me say a few words about what the consumer cloud means in practical terms. It means Internet access to gigabytes of online storage space–at low or no cost–from a wide range of devices, desktop to smartphone.

Full access is provided to the account holder and partial access may be made available to third parties designated by the account holder, like friends and family, on some consumer cloud services (we will deal with service operator access in a moment).

San Diego, CA, April 23, 2012, Stephen Cobb

QR Codes and NFC Chips: Preview-and-authorize should be default

What do printed QR codes and NFC (Near Field Communication) chips have in common, besides storing instructions that computers can read? They are both hackable and their ability to store and communicate computer instructions is bound to be abused, if not already, then sometime soon. This happens to every new means of communication; QR and NFC are no exception. Call it "Cobb's first law of communications abuse" or just a statement of the obvious: Every new means of communication will be abused. Of course, the second law states that the abuse will include, if at all possible, the spreading of malicious software.

San Diego, CA, April 17, 2012, Righard Zwienenberg

Phishing using HTML and Intranet Security Settings

Phishers always try to find new ways to bypass security features and trick ‘educated’ users. Over the years we have seen simplistic phishing attempts where the required information had to be typed into the e-mail body. This worked at that time because phishing was new and hardly anyone had a notion of the implications. Later, when spam filters became aware of these kinds of mails, we saw the evolution to direct links in e-mail, then to obfuscated links in e-mail where the e-mails looked professional and had the appearance of official messages from the organization the phishers desire your information from.

San Diego, CA, April 12, 2012, Cameron Camp

Pinterest security update

We recently highlighted a security walkthrough on Pinterest.com, the pinboard-style sharing website that’s taking social media by storm. Since then, they’ve continued to grow, and continued to have the accompanying growing pains common in organizations with rapid growth. Here we highlight ways they are adapting, changes they are making, and what it means to you.

San Diego, CA, April 11, 2012, Stephen Cobb

Will of the WISP: Your company’s Written Information Security Program

Does your company have a written information security program? If not, it could be on the wrong side of the law, regardless of where your company is located or what size it is. Which law? Something they passed about two years ago in the Commonwealth of Massachusetts, something that is usually referenced with the snappy title of 201 CMR 17.00. And before you go thinking that this does not apply to you because you don't do business in the Bay State, bear in mind that 201 CMR 17.
