Updates to Anti-Social Media
(1) ESET: Facebook fined over data privacy scandal
You’re probably already aware of the gentle tap on the wrist administered by the UK’s Information Commissioner’s Office (ICO), but this does actually indicate why the penalty was so much less than you might have expected (in theory, up to 4% of the company’s total income).
(2) An article from The Next Web: Experts warn DeepFakes could influence 2020 US election – “Fake AI-generated videos featuring political figures could be all the rage during the next election cycle, and that’s bad news for democracy.”
(3) Graham Cluley: Facebook doesn’t want to eradicate fake news. If it did they’d kick out InfoWars – “Social networks giving sick conspiracy theorists a platform to spread hate.” Graham points out that InfoWars misinformation is also an issue on YouTube.
John Leyden for The Register: Google’s ghost busters: We can scare off Spectre haunting Chrome tabs – “Site Isolation keeps pages fully separate on Windows, Mac, Linux, Chrome OS … Rather than solely defending against cross-site scripting attacks, the technology is now positioned as a necessary defence against infamous data-leaking Spectre CPU vulnerabilities, as a blog post by Google explained this week…”
Updates to Chain Mail Check
Brian Krebs: Sextortion Scam Uses Recipient’s Hacked Passwords
The scammer claims to have made a video of the intended victim watching porn, and threatens to send it to their friends unless payment is made. Not particularly novel: the twist with this one is that it “references a real password previously tied to the recipient’s email address.” Krebs suggests that the scammer is using a script to extract passwords and usernames from a known data breach from at least ten years ago.
The giveaway is that very few people are likely to be using the same password now – and it’s unlikely that there are that many people receiving the email who might think that such a video could have been made. Still, it seems that some people have actually paid up, and it’s possible that a more convincing attack might be made sending a more recent password to a given email address, and perhaps using a different type of leverage.
Commentary from Sophos here.