Tag Archives: Trackers

Security News Bites for the Week Ending Oct. 5, 2018

Web Page Load Times Double Due to Trackers

Trackers, those microscopic bits of pixie dust that web pages and advertisers insert into web pages to track our activities, make a significant negative contribution to user experience.

Full disclosure – this study was done by Ghostery, who makes software – free software – that blocks these trackers.

Ghostery looked at the page load time of the top 500 US web sites as defined by Alexa and discovered that it took, on average, 10 seconds longer to load with trackers enabled than when blocked by Ghostery.

The 10 slowest of the top 500 sites loaded 10x faster without trackers, saving users 84 seconds on average.

Obviously you could run their free software to reduce your page load times and I have run it for years.  It is amazing how many trackers can exist on one web page.  Source: Ghostery

Feds Issue Alert Regarding Remote Deskup Protocol

Sometimes it takes the feds a little while to realize what we have known for years.  Remote Desktop Protocol or RDP is a Microsoft mechanism for remotely logging in to another computer.  Sometimes people (not very wisely) enable this capability over the Internet.

RDP was designed for LAN administrators to remotely access a user’s computer or a server on the same network, so security considerations were never a top priority.  Over the years Microsoft has improved the security of RDP but still – my opinion – it is foolish to enable this so that a hacker in Timbuktu can try to hack into your network.

Finally, after several years of these widespread attacks, the FBI has issued an alert telling people this is not a good practice.  There are ways to secure that RDP connection, the easiest of which is to require remote users to establish a VPN connection first.  Source: Homeland Security.

Adobe Patches 85 Vulnerabilities in Acrobat and Reader

Adobe has released patches for 85 vulnerabilities in Acrobat and Acrobat Reader for both Windows and Mac.  85 is a pretty big number.  Some of the vulnerabilities allow for remote code execution while others allow for information disclosure or privilege elevation.  In other words, an entire buffet of problems.

This points to why it is so critical to understand what apps you have installed and make sure that they are patched quickly.  Every single time patches are released.  On every device in the network.  Desktops.  Laptops.  Servers.  Phones.  Tablets.  Everywhere.  As of today, Adobe says they are not being exploited in the wild – that they know of.  Tomorrow, at a minimum, every foreign intelligence agency in the world will have reverse engineered them and figured out how to use them as a weapon.  That doesn’t count the hackers.  Source:  The Register.

FBI Forces Child Abuse Suspect To Look at His Phone

In August, for the first time ever that we know of, the FBI obtained a warrant to force a person to look at his iPhone X to unlock it using Apple’s face recognition.  A month later he was charged with receiving and possessing child porn.

While no sane person is going to suggest that the judge should not have issued the warrant in this case, it points to the assumption that people have that stuff on their mobile devices is private.  A bad guy could put a gun to your head and that would likely have the same effect as the warrant.

Privacy is a relative term and as long as everyone understands that, we are all good.  Source: Forbes.

DoJ Indicts 7 Russian Hackers;  Odds of Them Standing Trial Are Almost Zero

The Department of Justice announced criminal charges against 7 Russian intelligence operatives this week, charging them with wire fraud, money laundering, identity theft and hacking.

Russia is unlikely to hand them over to the United States to stand trial and unless the Intelligence agents are not very intelligent, they will never visit any country that has an extradition treaty with the U.S.

That being said, a couple Russian criminal hackers (who are likely not as intelligent as GRU officers) have been known to visit countries friendly to us, so it is, technically possible, that they could wind up on trial in the U.S.  Just not very likely.

These indictments add more fuel to the fire that Russia is hacking us, although this is not specifically tied to the elections.  Source: CNN

 

Given that the President has

Facebooktwitterredditlinkedinmailby feather

Security News Bites for the Week Ending Sep 7, 2018

China Using Fake Linkedin Profiles to Recruit Americans as Spies

US intelligence officials are warning LinkedIn users that China is being “super aggressive” at recruiting Americans with access to government and commeACrcial secrets.

The Chinese are creating fake LinkedIn profiles, friending people and trolling to see if they would be valuable if flipped or conned out of information.  The Brits and Germans are seeing similar activity.

Intelligence officials are asking LinkedIn to be more aggressive at terminating offending accounts.  Twitter has recently cancelled 70 million accounts.

LinkedIn users should be on alert.  Source: The Hill .

Firefox Ups the Advertising War in Version 63

Many web sites that we visit have dozens of trackers on them.  For example, the Wall Street Journal, has 46 of them on its homepage alone (see below).

All of these trackers increase page download time and since each one of these tracker websites needs to be individually contacted and fed information to track us, it increases the time to load a page and the amount of data that we use.  While individually, the numbers may be small, if you look at, say, 100 pages in a day and every one of them calls 46 trackers (many don’t), that would be like visiting 4,700 web pages a day, just to read 100.

Firefox, which is owned by the non-profit Mozilla Foundation, unlike Chrome (Google) and Internet Explorer/Edge (Microsoft), doesn’t care much about offending advertisers.

For years now browsers have supported a user specified DO NOT TRACK flag and web sites have, pretty much uniformly, ignored the flag and tracked us any way.

Come version 63 of Firefox a new feature will be tested and in version 65 it will become the default.

The feature will block trackers by default.  Users will be able to turn the feature off and also unblock one site at a time.

uBlock and uBlock Origin are among the products out there that do similar things, although advertisers can, I think, pay them to get on their “not blocked” list.  The difference here is that it is built in, TURNED ON BY DEFAULT – you do not need to buy or install anything.

The ad war just ratcheted up a bit.  Source:  The Register.

Google Buys Offline Transaction Data from Mastercard

Bloomberg says that Google signed an agreement with Mastercard (and likely other credit card companies) that give them some access to offline purchases.  Both Google and Mastercard say that they don’t know what items you bought, only where, when and how much you spent.  They are using this data to give advertisers confidence that their online ads are working based on showing you an ad and then you go spend money in the advertiser’s store.  They also are buying loyalty card data with a different program and that could provide much more detailed data including exactly what you bought.  Both companies are being tight lipped about exactly how the program works, so we don’t know precisely what data Mastercard is sharing or how many millions Google paid to get that data.  Source: Tech Crunch.

Ten Fold Increase in Security Breach (Reporting) Since GDPR

British law firm Fieldfisher is reporting that prior to GDPR they were dealing with around 3 breach cases a  month and post GDPR they are dealing with one case every day.

This is likely not due to hackers upping their game, but rather companies that would have previously swept a breach under the rug are now reporting it, fearing that 20 million Euro sword aimed at their head if they don’t report and get outed.  That outing could be from an employee who disagrees with the idea of keeping a breach secret.

The breaches that Fieldfisher is seeing are both small, technical breaches and larger breaches similar to the British Airways breach this week that compromised 300,000+ credit cards. Source: Computing.

Data on 130 Million Chinese Hotel Guests for Sale on Dark Web

Data on guests of the Chinese hotel chain Hauzhu (3800 hotels) is available on the dark web for around $50k (8 bitcoin).  The data – 240 million records – includes everything from name, address, phone, email to passports, identity cards and  bank account information.  Make sure you have a good Internet connection if you buy it – the data is about 140 gigabytes in size.  While the Chinese are trying to shut down all forms of cryptocurrency since they can’t control it, that doesn’t stop foreigners from buying the data.  Source: Next Web.

Facebooktwitterredditlinkedinmailby feather