Category Archives: Anti-social media

Updates to Anti-Social Media October 17th 2018

Sophos: Donald Daters app for pro-Trump singles exposes users’ data at launch – “Donald Daters, a new dating app that promises to “make dating great again” has instead leaked its users’ data.”

The Mercury News: Facebook lured advertisers by inflating ad-watch times up to 900 percent: lawsuit – “A group of small advertisers … alleged in the filing that Facebook “induced” advertisers to buy video ads on its platform because advertisers believed Facebook users were watching video ads for longer than they actually were.”

David Harley

12th October resource updates

Updates to Anti-Social Media 

Sophos: Instagram tests sharing your location history with Facebook – “For those Facebook users who still cling to the notion that they can limit Facebook’s tracking of our lives like it’s an electronic bloodhound, you should be aware that its Instagram app has been prototyping a new privacy setting that would enable location history sharing with its parent company.”

The Register: Facebook mass hack last month was so totally overblown – only 30 million people affected – “Good news: 20m feared pwned are safe. Bad news: That’s still 30m profiles snooped…”

Me, for ESET: Facebook cloning revisited

Updates to Cryptocurrency/Crypto-mining News and Resources

Brad Duncan for Palo Alto Unit 42: Fake Flash Updaters Push Cryptocurrency Miners – “…As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer. These fake Flash updates install unwanted programs like an XMRig cryptocurrency miner, but this malware can also update a victim’s Flash Player to the latest version.”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

The Register: If you haven’t already patched your MikroTik router for vulns, then if you could go do that, that would be greeeeaat

Updates to Chain Mail Check

Facebook cloning revisited

Updates to Mac Virus

Chinese iPhone users – Apple IDs compromised

David Harley

Anti-social media update

Thomas Claburn for The Register: Facebook sued for exposing content moderators to Facebook – “Endless series of beheadings and horrible images take mental toll, US lawsuit claims”


Silicon: WhatsApp Founder Admits Selling Out Privacy To Facebook – “Co-founder of WhatsApp Brian Acton admits selling out the privacy of WhatsApp users to Facebook”


Sophos: Facebook scolds police for using fake accounts to snoop on citizens

‘In a letter to MPD Director Michael Rallings, Facebook’s Andrea Kirkpatrick, director and associate general counsel for security, scolded the police for creating multiple fake Facebook accounts and impersonating legitimate Facebook users as part of its investigations into “alleged criminal conduct unrelated to Facebook.”’


Graham Cluley for BitDefender: Zuckerberg’s Facebook page? I’ll livestream its deletion, says hacker


New York Times: Facebook Network is Breached, Putting 50 Million Users’ Data at Risk

The Register: Facebook confesses crappy code has exposed up to 90 million users to hackers

David Harley

Anti-Social Media updates

Updates to Anti-Social Media 

Lisa Vaas for Sophos: Years on, third party apps still exposing Grindr users’ locations – “Grindr, the premium gay dating app, is exposing the precise location of its more than 3.6 million active users, in addition to their body types, sexual preferences, relationship status, and HIV status…

…Still.”


Nathan Gleicher for Facebook: Expanding Security Tools to Protect Political Campaigns – “Over the past year, we have invested in new technology and more people to stay ahead of bad actors who are determined to use Facebook to disrupt elections. Today we’re introducing additional tools to further secure candidates and campaign staff who may be particularly vulnerable to targeting by hackers and foreign adversaries. This pilot program is an addition to our existing security tools and procedures, and we will apply what we learn to other elections in the US and around the world.”

Commentary by Danny Bradbury for Sophos: How Facebook wants to protect political campaigners from hacking – “Facebook is making the extra protections available to a select class of political operatives, namely candidates for federal or statewide office, and staff members and representatives from federal and state political party committees.”


Also by Lisa Vaas for Sophos: Facebook faces sanctions if it drags its feet on data transparency – Vera Jourova, the European Commissioner for justice, consumers and gender equality, is evidently not in the least impressed.

David Harley

Facebook takedown of influence operations

I was a little late spotting this New York Times article from August 21st: Sheera Frenkel and Nicholas Fandos: Facebook Identifies New Influence Operations Spanning Globe – “We know that trolls on social media are trying to sow discord on contentious subjects like race, guns and abortion, but how do they do it? Here is a visual guide to their strategy.”

Its starting point is this article from Facebook – Taking Down More Coordinated Inauthentic Behavior – regarding how it has taken down 652 pages, groups and accounts for ‘inauthentic behavior’ after receiving information from FireEye about ‘Liberty Front Press’. FireEye’s analysis is summarized here – Suspected Iranian Influence Operation Leverages Network of Inauthentic News Sites & Social Media Targeting Audiences in U.S., UK, Latin America, Middle East – linking to a 38-page report.

Fascinating stuff.

David Harley

(Anti-)Social Media updates 24th August 2018

Updates to Anti-Social Media 

Richi Jennings for TechBeacon’s Security Blogwatch: It’s election hacking season: Are you a target? A selection of commentary from a variety of sources. “Allegedly, Russia and Iran have been phishing, hacking, and building fake profiles on Facebook, Twitter, and YouTube…With the midterms just a few months away, the froth is building.”


Graham Cluley for BitDefender: Facebook pulls its VPN from the iOS App Store after data-harvesting accusations – “Facebook has withdrawn its Onavo Protect VPN app from the iOS App Store after Apple determined that it was breaking data-collection policies.”

John Leyden for The Register: Facebook pulls ‘snoopy’ Onavo VPN from Apple’s App Store after falling foul of rules


Rebecca Hill for The Register: Chap asks Facebook for data on his web activity, Facebook says no, now watchdog’s on the case – “Info collected on folk outside the social network ‘not readily accessible’ … Facebook’s refusal … is to be probed by the Irish Data Protection Commissioner … Under the General Data Protection Regulation … people can demand that organisations hand over the data they hold on them.”


Lisa Vaas for Sophos: Facebook’s rating you on how trustworthy you are – a good analysis of the difficulties Facebook and other social media face in addressing the problem of fake news.

David Harley

How being online influences real-world behaviour

An article in the New York Times focuses on a paper by Karsten Müller and Carlo Schwarz of the University of Warwick that made a startling assertion: “Wherever per-person Facebook use rose to one standard deviation above the national average, attacks on refugees increased by about 50 percent.” I don’t think they mean to imply that Facebook directly or intentionally encourages the negative traits that such attacks represent: more that it “isolates us from moderating voices or authority figures, siphons us into like-minded groups and, through its algorithm, promotes content that engages our base emotions.” Or to put it another way, our tendency to group ourselves into like-minded ‘bubbles’ inclines us to make distorted assumptions about how widespread our pet beliefs are, assumptions reinforced by ‘superposters’ who energetically promulgate those same beliefs.

While it’s not exactly the same thing, being more focused on anonymity and pseudonymity, I was reminded of an older paper by Mich Kabay that has influenced my own thinking significantly over the years: Anonymity and Pseudonymity in Cyberspace: Deindividuation, Incivility and Lawlessness Versus Freedom and Privacy. The similarity is in the examination of the ways in which online behaviour can differ (for the worse) from behaviour in the real world. The difference is the way in which the Warwick study suggests that behaviour in the real world can be redirected into unacceptable channels by perceptions moulded by social media.


And here are a trio of further items about ‘anti-social media’….


A paper by Professor Douglas C. Schmidt on Google Data Collection makes clear just how much information Google is collecting about its users and the purposes for which it can be used. It is … disquieting …


Rebecca Hill for The Register: Bloke hurls sueball over Google’s ‘is it off yet?’ location data slurping – “…a lawsuit has accused the search-cum-ads biz of unlawfully invading users’ privates and intentionally complicating the opt-out process…after last week’s Associated Press probe into location data slurping.”


Lisa Vaas for Sophos: Social networks to be fined for hosting terrorist content – “On Sunday, the Financial Times reported that the EC’s going to follow through on threats to fine companies like Twitter, Facebook and YouTube for not deleting flagged content post-haste.”

David Harley

Anti-Social Media: bumper bundle

[I’ve been catching up after a week out of office, so there’s quite a lot to be depressed about this time.]

Zeljka Zorz for Help Net: Turning off Location History doesn’t prevent Google from knowing your location  – “If you believe that by turning off Location History on your Android device or iPhone means that Google won’t be able to know your location, think again: Princeton University researchers have confirmed Google services store users’ location regardless of those settings.”

Help Net is quoting research performed on behalf of Associated Press… AP says: “Google’s support page on the subject states: ‘You can turn off Location History at any time. With Location History off, the places you go are no longer stored…’ That isn’t true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking.”


Kashmir Hill and Surya Mattu for Gizmodo: Facebook Wanted Us to Kill This Investigative Tool  – “Last year, we launched an investigation into how Facebook’s People You May Know tool makes its creepily accurate recommendations….In order to help conduct this investigation, we built a tool to keep track of the people Facebook thinks you know. …. In January, after hiring a third party to do a security review of the tool, we released it publicly on Github for users who wanted to study their own People You May Know recommendations.”

Facebook, it seems, wasn’t happy about the release of the tool, for more than one reason. I can actually understand that the terms of service that it might violate are at least in part imposed for reasons of security (or should be). Yet Gizmodo points out that “Journalists need to probe technological platforms in order to understand how unseen and little understood algorithms influence the experiences of hundreds of millions of people”: Facebook’s apparent distrust of this assertion may tell us something about its PR worries, and even about the intrusive nature of the algorithms it prefers to keep secret.


Graham Cluley: Twitter CEO says they’re taking no action against InfoWars and Alex Jones – “It’s the same content that Facebook, YouTube, Spotify, and Apple banned.”

If you’re unaware of the fuss about Jones, you might like to check out this article in the New York Times: Alex Jones, Pursued Over Infowars Falsehoods, Faces a Legal Crossroads


Teiss: Facebook denies it asked banks to share customers’ financial information –  Summarizes a story from the Wall Street Journal which I haven’t read because I’m not a subscriber.


Pierluigi Paganini: Social Mapper – Correlate social media profiles with facial recognition – “Security experts at Trustwave have released Social Mapper, a new open-source tool that allows finding a person of interest across social media platform using facial recognition technology…Experts from Trustwave warn of potential abuses of Social Mapper that are limited ‘only by your imagination.’”

Which is unfortunate in that it’s easily found for free…

David Harley

AVIEN resource updates 3rd August 2018

Updates to Anti-Social Media 

A fascinating article for Quartz by Nikhil Sonnad: Everything bad about Facebook is bad for the same reason – “Facebook only does the right thing when it’s forced to. Instead, it needs to be willing to sacrifice the goal of total connectedness and growth when this goal has a human cost; to create a decision-making process that requires Facebook leaders to check their instinctive technological optimism against the realities of human life.” Recommended. (Hat tip to Daring Fireball.)

The Next Web: Telegram Passport is already drawing fire for not being secure enough – “Its password encryption could be cracked for just $5”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

US-CERT advised that the FBI published an article on securing the internet of things. US-CERT also flagged the NCCIC Tip Securing the Internet of Things.

David Harley

AVIEN Resource updates 2nd August

Updates to Anti-Social Media 

(1)

New York Times: Facebook Has Identified Ongoing Political Influence Campaign – “Facebook announced on Tuesday that it has identified a coordinated political influence campaign, with dozens of inauthentic accounts and pages that are believed to be engaging in political activity around divisive social issues ahead of November’s midterm elections.”

Commentary from The Register: Facebook deletes 17 accounts, dusts off hands, beams: We’ve saved the 2018 elections – “Yeah, that’ll do the trick, Mark”

Facebook’s own blog post: Removing Bad Actors on Facebook

(2)

Luana Pascu: GDPR directly impacts Facebook, 1 million European users lost 

(3)

The Register: UK ‘fake news’ inquiry calls for end to tech middleman excuses, election law overhaul – “British lawmakers have been told to create tougher rules for social media giants claiming to be neutral platforms, establish a code of ethics for tech firms, and plump up the UK’s self-styled ‘data sheriff’.”

(4)

Roger Thompson (Thompson Cyber Security Labs): Ok, this was scary – a disquieting example of how much more information is ‘publicly available’ than you probably think. Even scarier is the question of how much publicly available information is actually accurate.

Updates to Cryptocurrency/Crypto-mining News and Resources

Graham Cluley: Steam game Abstractism pulled after cryptomining accusations

The Register: ‘Unhackable’ Bitfi crypto-currency wallet maker will be shocked to find fingernails exist – “A crypto-currency wallet heavily promoted as “unhackable” – complete with endorsements from the security industry’s loopy old uncle John McAfee and a $350,000 bounty challenge – has, inevitably, been hacked within a week.”

Bleeping Computer: Massive Coinhive Cryptojacking Campaign Touches Over 200,000 MikroTik Routers – “Security researchers have unearthed a massive cryptojacking campaign that targets MikroTik routers and changes their configuration to inject a copy of the Coinhive in-browser cryptocurrency mining script in some parts of users’ web traffic.” Lengthy analysis by Trustwave: Mass MikroTik Router Infection – First we cryptojack Brazil, then we take the World?

Updates to GDPR page

The Register: India mulls ban on probes into anonymized data use – with GDPR-style privacy laws – “Thought having your call center in India was a good idea? Maybe not so much now”

Luana Pascu: GDPR directly impacts Facebook, 1 million European users lost 

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

Pierluigi Paganini: Tens of flaws in Samsung SmartThings Hub expose smart home to attack – “‘Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub.’ reads the analysis published by Talos.”

The SANS OUCH! newsletter for August offers basic but generally sensible advice on Smart Home Devices. “There is no reason to be afraid of new technologies but do understand the risk they pose. By taking these few simple steps you can help create a far more secure Smart Home.”

Updates to Mac Virus

Android and OneDrive, and iOS-targeting phish

David Harley