Tag Archives: AirBnB

Security News for the Week Ending September 24, 2021

Detecting Hidden Cameras in Your Airbnb and Similar Rentals

No one wants to think about this, but it is an issue. Especially in private home/condo rentals, owners are worried about you stealing or damaging their stuff. And some of them are just stalkers. Here is a TikTok video from well known security researcher Marcus Hutchins on some things that you can do to look for hidden cameras. Credit: Hack Read

Japan Sets New Internet Speed Record – 319,000,000,000,000 bits per second

While not a security issue, it is pretty impressive. This beats the old record of 178 terabits/second. The test was carried out in a lab, but simulated a 3,000 KM fiber. This is definitely still experimental, so don’t expect to get this speed at your house any time soon. Credit: Computing (free account required)

The Internet is Going to Break

Well, I don’t think so, but some people are concerned. Let’s Encrypt is that free service that lets web site owners encrypt traffic to and from their website. Let’s Encrypt’s original ROOT CERTIFICATE is going to expire in about a week. They updated their certificate in clients like Chrome and Edge and server software like Linux Apache a long time ago, but what about users that are running old, unsupported software. In a word, they are going to be SOL. The certificate will show as expired and depending on the situation, the user likely will not be able to establish the connection. If it is a server that has that expired certificate, even if the user has been updated, things won’t work. Bottom line, this is only going to be a problem for old, unsupported systems – but there are a lot of these. Stay tuned. Old IoT devices are most likely to break. If you are responsible for systems, now would be a good time to test. Credit: Portswigger

VoIP Phone Provider Hit by Denial of Service Attack; Has Been Down for a Week

This is the downside of the cloud. VoIP.ms has been battling a massive (they say) distributed denial of service attack since September 16th. They say they have over 80,000 (likely unhappy) customers in 125 countries. All of whom have limited voice service as a result of the attackers wanting VoIP.ms to pay them a ransom to stop the attack. How would your business operate if it did not have phone service for a week? Credit: ZDNet

100 Million IoT Devices Affected by New Bug

NanoMQ is an OPEN SOURCE messaging processing platform that is used in many critical IoT devices like patient monitors, fire detection, car system monitors and smart city applications, among many others. Researchers form Guardara detected multiple vulnerabilities affecting as many as 100 million devices. It could cause the device to crash – that is very simple to do – or worse. Attacks on these kinds of devices are spiking and until IoT vendors get serious about security, plan on a backup system for anything that is critical. While some people continue to spread the myth that Open Source software is secure, there is not much evidence for that as we see bug after bug revealed in super popular apps, never mind the really niche ones. Credit: Threat Post

Security News Bites for the Week Ending April 5, 2019

Oops – Office Depot Mimics Phone Phishers

Thanks to reader Gina for this one.  Office Depot got caught scamming its customers telling them they had (fake) malware on their computers when they asked OD and its vendor Support.com to scan their computers.

No, they didn’t have malware – just a bill for unneeded services.

While taking your computer to Office Depot or Best Buy is convenient and inexpensive,  historically, it has not always worked to your advantage.

Office Depot will pay $25 Mil in fines; Support.com another $10 Mil.  Source: Ars Technica.

FBI Doesn’t Warn Hacking Victims of Their Rights

The FBI’s Office of Inspector General says that the FBI does not warn victims of international cyber-espionage that their data was under attack, say by the Russians.

The OIG says that FBI victim letters were almost never sent in national security cyber cases.

The FBI’s Office of Victim Assistance blames outdated guidelines.  An AP investigation showed that only a handful of the victims of Russian hacking during the 2016 election season received any assistance from the FBI.

This is consistent with my post this week titled “Who *IS* going to rescue us” .  Plan on protecting yourself.  Source: Seattle Pi.

Earl Restaurants Admits Breach – Likely 2 Million Cards Hacked

Early Enterprises, parent of Buca de Beppo, Earl of Sandwich , Planet Hollywood and other brands finally admitted that their point of sale system was hacked.  For almost a year before someone told them.  No, they did not find it themselves.

They are not providing any details; not even information on how many cards were stolen.  They are also not offering any support to the victims other than a web page FAQ and a call center to complain to.  Beyond that, you are on your own.  Source: Brian Krebs.

Lock ‘Em Up!

No, I am not talking about our President at a campaign rally.

But I am talking about a Presidential candidate.

Elizabeth Warren wants to make sure that CEOs who are at the controls of companies who have large breaches, like Equifax, are held accountable.

For companies that earn more than a billion dollars in revenue the consequences of a breach could be a year in jail.  Repeat offenders could get three years in jail.  Source: Ars Technica.

More on Hidden Cameras in Rental Properties

In March I wrote about the problem with hidden cameras in rental properties and hotel rooms (see post here).  This week there was an article in CNN discussing this very issue.

A Family with 5 kids is travelling around the world and when they arrived in Ireland, the father scanned for WiFi signals and found a hidden camera that was livestreaming their stay.  It didn’t say if scanning for cameras was their normal practice.

The owner would not confirm whether there were more cameras, so the family moved to a hotel, but AirBnB would not refund their money.

In fact, initially, AirBnB claimed to investigate the owner and after the investigation, said there was no problem and reinstated the listing.

Only after they posted the item on social media and the local New Zealand news stations picked up the item did AirBnB understand the potential brand damage and refund their money.