Computer Internet Security, Privacy and Safety

Contact Us | Basic Computer Security | Children's Privacy Policy | Accessibility | Security Services

We spoke earlier of defense against spies. Then we looked at private email. We looked at Endpoint Security. Just for fun, we look at Bitcoin theft. Then cookies and the threats therefrom. Then we looked at more secure ways to talk. Now look at secure email.


The Basics of Internet Privacy and Security

How to Protect Computers, Tablets and Mobile Devices: TOR, IP Anonymizer, Cookies, Browser History, Hacks, Java and Java Script, Malware, Privacy, Viruses, Virtual Private Networks (VPN), Google Chrome and AdBlock

Cybersecurity News And Alerts

NSA Hack Set Loose on World

It appears that malware hacked from the NSA in April 2017 has been set loose on the world. The massive ransomware infection hit at least 99 countries.

Russia Hacked 500 Million Yahoo Accounts

The Department of Justice reports: The defendants used unauthorized access to Yahoo’s systems to steal information from about at least 500 million Yahoo accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, U.S. and Russian government officials and private-sector employees of financial, transportation and other companies.

Trump Security Breach

For months, the security community has known that both the DNC and GOP were hacked. The DNC hack was used to undermine Hillary. The GOP / Trump hacks were meant for blackmailing Trump. U.S. security agencies were aware of Donald Trump’s security breaches since at least June of 2016.

Russia Attempts to Hack Electric Grid

Malware associated with a Russian hacking operation, Grizzly Steppe, was found on a Burlington Electric computer. It appears as though Russia was trying to access the power grid; however, the infected computer was not connected to the network. “Vermonters and all Americans should be both alarmed and outraged that one of […]

Russia And Cybersecurity

Cozy Bear and Fancy Bear are two hacking organizations from Russia. Cozy Bear (classified as advanced persistent threat APT29) are believed to be associated with Russian intelligence. Fancy Bear (also known as APT28, Pawn Storm, Sofacy Group, Sednit and STRONTIUM) is a cyber espionage group believed to be sponsored by the […]

"Russia is a full-scope cyber actor that poses a major threat to US government, military, diplomatic, commercial and critical infrastructure," the testimony said. It was written by James Clapper, the Director of National Intelligence, Marcel Lettre, Undersecretary of Defense for intelligence, and Admiral Michael Rogers, director of the National Security Agency.

Yahoo Hacked

Yahoo disclosed that 500 million user accounts had been hacked. In December 2016, Yahoo announced that an additional one billion accounts had been hacked. “What’s most troubling is that this occurred so long ago, in August 2013, and no one saw any indication of a breach occurring until law […]

U.S. Security-clearances Hacked

There were two major breaches of U.S. government databases holding personnel records and security-clearance files of at least 22.1 million people, including Social Security numbers and some fingerprints, of not only federal employees and contractors but their families and friends. U.S. officials have privately said the hacks were traced to the […]

More Cybersecurity Insights

FAQ

Q: Is it true that flashlight apps for your smartphone may contain malware?
A: It’s not just flashlight apps. Over 90% of freeware (free computer software for photos, converting Youtube videos, etc.) and free app downloads contain malware that is secretly added to your device. Besides stealing your data, they can corrupt files or worse. Quite often they use your connection and device to attack other people making it look like you are the bad guy. Attacks on the Whitehouse, FBI, CIA and military bases (such as Andrews Air Force Base) have happened this way. As far as smartphone apps go, there are not that many legit apps. Apple is of particular concern because their developer's "tool kit" has been compromised. The result was many legit app developers used the official Apple tool kit, but ended up incorporating malware. This is what happened with most of the flashlight apps. (1)

By the way, the apps developed for Facebook are often used to compromise your Facebook account and steal your identity, as well as, attack all your friends. If Facebook doesn’t make the app, don’t use it. Examples of bogus apps include “What song was a hit on your birthday?”, “How loyal are you?”, “Who is stalking you?”, “Which season of the year are you?”, “3 reasons to love yourself!”, “Let’s make a drawing of you” and “Yourself as an oil painting”.

Q: How do I know if Facebook makes the app?
A: If Facebook makes the app, it is usually automatically integrated into the interface. Examples include when Facebook added more choices to the "like" button and the app they put in your feed about "1 year ago today". Those are Facebook apps. The ones that tell you about your loyalty, stalkers, hit record on your birthday, compare you to your friends, etc. are clickbait and should be avoided. Almost all of these apps abuse your friends. Some of them allow your account to do criminal activity, such as, post sunglasses or shoes for sale tagging your friends without your knowledge. Some of them do even worse stuff, such as, compromise your account and use your account to surreptitiously to do a host of bad activities.

Q: Are Android apps safer than Apple apps?
A: Most apps are not developed by Google, Microsoft or Apple. If someone is giving an app away, it is probably for ill purposes. Nevertheless, the advantage of Android — it is built on Linux (open source code.) This means anyone can see the source and/or fix the computer code. That is not the case with Apple or Microsoft. We suggest Android on your phones and Linux on your computers.

Q: My tech-savvy son says it is safe to download apps from Google. Is the Google app store safe?
A: it’s not Google… it is the open source community. Google doesn't own Android. Android is based on Linux (free open source software) the Linux community is serious about security. We’ve been involved with Linux development since the 1990's. Apple and Microsoft are based on proprietary software which is the opposite of the open source philosophy. In any event, none of us like Google for other reasons; however, their exploitation of Linux is better for mankind than Apple and Microsoft. Google Android apps are a better bet than other OS’s (operating systems) because they use Linux. That doesn't mean you should trust Google. Do not trust Google.

Q: What about GPS apps?
A: GPS apps are the most exploited function/app of a smartphone. Not only do private companies exploit the data but bad guys and our government do, too. So my advice is what I did for my Dad. He suffers from dementia and tends to wonder off. We got a Metro PCS smartphone and the sole use is for tracking my Dad with a GPS app. If you want a GPS, use a separate device.

An example of a GPS smartphone app scam recently happened in Chester County, PA. Bad guys hacked GPS apps and sent fraudulent email traffic tickets to unsuspecting motorists. (2)

References:
1) Apple's App Store infected with XcodeGhost malware in China after major security breach. China;s "Great Firewall" may have been partly to blame for the first major attack on Apple Inc’s (AAPL.O) App Store, but experts also point the finger at lax security procedures of some big-name Chinese tech firms and how Apple itself supports developers in its second biggest market. A malicious program, dubbed XcodeGhost, hit hundreds – possibly thousands – of Apple iOS apps, including products from some of China’s most successful tech companies used by hundreds of millions of people. (Reuters)

2) Beware of This Crazy Speeding Ticket Scam; Philadelphia-area residents have been targeted, and the level of information the perpetrator has is downright scary. The Tredyffrin Police Department in Chester County announced the speeding ticket scam this week, explaining that three local residents reported receiving emails notifying them of speeding infractions. Tredyffrin doesn't have speed cameras, and the police say that they have nothing to do with these citation notices, but here's the thing: The residents were, in fact, speeding at the locations cited in the citations. How is this possible? Well, investigators suspect that a hacker has exploited a security flaw in some GPS-enabled smartphone apps. (Philly Magazine)

Archives
10 Basic Internet Security Rules (1997) | Does Anti-virus Software Work? Do Spam Filters Work? (2001) | What Is Wrong With Java (1998)

The Membrane Domain

©The Philadelphia Spirit Experiment Publishing Company
These graphics, images, text copy, sights or sounds may not be used without expressed written consent.

Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.