Tag Archives: ICO

AVIEN resource updates: July 15th 2018

Updates to Anti-Social Media 

(1) ESET: Facebook fined over data privacy scandal

You’re probably already aware of the gentle tap on the wrist administered by the UK’s Information Commissioner’s Office (ICO), but this article does actually indicate why the penalty was so much less than you might have expected (in theory, up to 4% of the company’s total income).

(2) An article from The Next Web: Experts warn DeepFakes could influence 2020 US election – “Fake AI-generated videos featuring political figures could be all the rage during the next election cycle, and that’s bad news for democracy.”

(3) Graham Cluley: Facebook doesn’t want to eradicate fake news. If it did they’d kick out InfoWars – “Social networks giving sick conspiracy theorists a platform to spread hate.” Graham points out that InfoWars misinformation is also an issue on YouTube.

Updates to Meltdown/Spectre and other chip-related resources

John Leyden for The Register: Google’s ghost busters: We can scare off Spectre haunting Chrome tabs – “Site Isolation keeps pages fully separate on Windows, Mac, Linux, Chrome OS … Rather than solely defending against cross-site scripting attacks, the technology is now positioned as a necessary defence against infamous data-leaking Spectre CPU vulnerabilities, as a blog post by Google explained this week…”

Updates to Chain Mail Check

Brian Krebs: Sextortion Scam Uses Recipient’s Hacked Passwords

The scammer claims to have made a video of the intended victim watching porn, and threatens to send it to their friends unless payment is made. Not particularly novel: the twist with this one is that it “references a real password previously tied to the recipient’s email address.” Krebs suggests that the scammer is using a script to extract passwords and usernames from a known data breach from at least ten years ago.

The giveaway is that very few people are likely to be using the same password now – and it’s unlikely that there are that many people receiving the email who might think that such a video could have been made. Still, it seems that some people have actually paid up, and it’s possible that a more convincing attack might be made by sending a more recent password to a given email address, and perhaps using a different type of leverage.

Commentary from Sophos here.

David Harley

Talk Talk fined for support scam issue

The Register: TalkTalk fined £100k for exposing personal sensitive info – 21,000 accounts handled by Indian outsourcing biz exposed

‘…TalkTalk found an issue with the UK ISP’s portal … One of the companies with access to the portal was Wipro, a multinational IT services company in India that resolved high level complaints and addressed network coverage problems on TalkTalk’s behalf … three Wipro accounts … had been used to gain unauthorised and unlawful access to the personal data of up to 21,000 customers.’

See also: TalkTalk confesses: Scammers have data about our engineers’ visits to your home – Info exploited, say customers

Added to tech support resources page, of course.

David Harley

FUD Marketing*: How not to sell Burglar Alarms

For the Register, Alexander J Martin describes a nasty example of marketing through fear strangely reminiscent of support scams, though it was burglar alarms that were being marketed here, not security software.

Telemarketers hit with £70,000 fine for cold-calling pensioners

The Information Commissioner’s Office reported that Direct Security Marketing Ltd, a company based in Dudley, ‘made nearly 40,000 automated calls, with 9,775 being made between 1am and 6am.’

While the title of Martin’s article suggests that pensioners were specifically targeted, the article quotes ICO Group Enforcement Officer Andy Curry as saying that ‘Elderly people were among those who were left distressed after being woken up in the night by the automated calls’, so there’s no indication in the article that the calls were targeted (or, if they were, how).

On YouTube, Andy Curry talks about ‘the action the ICO took against automated calls by Direct Security Marketing and what action can be taken by people to block similar calls.’ Even if you weren’t bothered by this particular nuisance (happily, it seems the company is quietly sinking into the West…) you might find the step through some of the minutiae of the Data Protection Act useful.

* FUD: Fear, Uncertainty, Doubt. FUD Marketing: a sales pitch characterized by disinformation and the exploitation of insecurity and negative emotions.

David Harley