Posts tagged ‘security’

Facebook – An admirable start but not nearly enough

Facebook Adds Two Privacy Tools – InformationWorld:

Both tools have to do with stopping unknown devices from logging in to a user’s Facebook account.

Definitely a first step, and an important one to be sure, especially since many hacks apparently were coming from mobile devices — but this is not nearly enough.

This does not even begin to address the privacy-related issues brought on by changing from privacy by default to public by default, when privacy by default is why Facebook won over from MySpace in the first place.

My account will remain deactivated for the time being.

Facebook account deactivated today

Well, today is the day.

As much as I love Facebook, and enjoy the ability to keep in contact with family and friends easily, I have deactivated my account today in protest of their stance on privacy and the apparent lack of concern for their users by changing to the opposite stance on user privacy. It has been one step after another over the last year or so, desensitizing users to the changes they have made by doing it slowly.

Facebook sees dollar signs where we users are concerned. They have deluded themselves into thinking that with all the family and friends connections, and simplicity of keeping in contact with our Facebook friends, that we won’t be able to stop, that we are now hooked… “we have you now” in Darth Vader’s voice.

Is it true?

Not in my case at least. I let my friends and family know what I was doing. They support and understand. Will any of them do the same thing? I hope so…

We need to stand together to disallow Facebook a pass on the changes from supposed concern for users and users’ security and privacy to what it is today … where they are saying we don’t care about privacy by default. That we only see the connections we can make to other sites?!?! Facebook is saying proudly that they are the next MySpace … “now we control all these users and connections, and you as users have no privacy. Privacy is dead.”

Can we prove them wrong?

===

Edit: added some links to help make your decision:

With Facebook’s security and privacy standards under fire from all sides, suffice it to say that this is not a good time for one of the company’s investors to fall for a Facebook phishing scam. (Facebook phishing scam snares company board member – CNET – May 10, 2010 8:42 AM PDT)

Comparing Facebook’s latest product modifications to deadly natural disasters is probably a little bit inappropriate, but the psychological reaction doesn’t seem all that different. The social network modified its policies for handling user data once again as part of its F8 conference and release of the Open Graph API, and ever since it became clear that more information is being set as public by default and more is being shared with third parties, concerned Facebook users have been on jittery alert, perhaps prone to overreaction, concerned that something even bigger may be about to change. (Understanding Facebook’s privacy aftershocks – CNET May 6, 2010 3:51 PM PDT)

Criticism of Facebook (Wikipedia.com)

Four senators are adding their voices to criticism that Facebook Inc. doesn’t do enough to give its 400 million users easier ways to protect their privacy online. (Senators turn up the heat on Facebook privacy issues – SFGATE.com – April 28, 2010)

More links on my blog post, Bye, Bye, Facebook, Bye, Bye… AND ALL OVER THE WEB! Just do a search on facebook privacy issues on any search engine and read it and weep.

Bye, Bye, Facebook, Bye, Bye…

***NOTICE***

BYE, BYE, FACEBOOK, BYE, BYE

This notice is to my friends and family on Facebook

After this weekend (waiting only to give friends and family a chance to know what happened), I will be deactivating my Facebook account, and may ultimately be deleting it in the very near future if A LOT OF THINGS don’t change in the way that Facebook is ‘doing business.’

Facebook has a lot of gall to say Facebook users are not unhappy with their recent Facebook privacy policy changes. I know many who are VERY unhappy with these changes, IF they even realize the changes being made.

To help folks realize what changes are being made, here are some links to do your own research:

Six Things You Need to Know About Facebook Connections (EFF)

Facebook security flaw makes private chats public (Network World)

Consumer groups hammer Facebook privacy violations in federal complaint (Macworld UK) – Facebook privacy violations stemming from recent feature changes

More EFF links over the last week or two on Facebook:

Facebook’s Eroding Privacy Policy: A Timeline

A Handy Facebook-to-English Translator

How to Opt Out of Facebook’s Instant Personalization

If you plan on maintaining your Facebook Account, you also might like to read the following article at ZDNet Blogs:

Contemplating FaceBook Hara-Kiri

Mac OS X 10.4.11 Tiger Java Security Update Missing

What the heck is going on?

Is the Java Update that was put out last month for Windows and this past week for Leopard and Snow Leopard not a security issue for Tiger users, or did Apple decide to not bother making sure those who still are stuck using Tiger would be safe??!??

This is one of two reasons why I hate that Apple does the Java updates for Mac OS X instead of letting Java do it like it does for Windows.

First reason is they are always late. Second reason, when Apple doesn’t want to update Java for Tiger, like they did for Panther, etc., they just stop updating it.

If it were left up to SUN Java to update it, we would have gotten it when they released the Windows versions, instead of getting this when you go to the Apple site with Mac OS:

Apple and Java


Or are Tiger (and earlier versions) the only OSes on the planet that don’t need this security update?! Tiger hasn’t had a security update for Java since June 2009: Java for Mac OS X 10.4, Release 9

Even seemingly reliable e-mail vulnerable

Even seemingly reliable e-mail vulnerable to [unethical] hackers

“The bad guys are trying billions of random combinations … and finding new ways to break in,” says Gartner tech security analyst John Pescatore.

Crooks use flaws uncovered by fuzzing to create tainted files disguised to fool targeted employees. Earlier this year, individuals at several corporations were targeted to receive e-mail carrying an attached Excel file corrupted via a previously unknown flaw. Clicking on the file opened a worksheet with data relevant to the targeted worker; it also gave the attacker a beachhead to probe deeper into the company’s network. “The victims never really knew,” says VeriSign iDefense researcher Matt Richard, who discovered the attack.

In another attack, crooks installed a tainted QuickTime video file at several porn websites crafted to steal data from eBay and PayPal accounts, according to security firm Intego.

“It’s not just Microsoft,” says Secunia Chief Technical Officer Thomas Kristensen. “Crooks now use many different ways to gain control of computers.”

This is nothing new to many of us, but the fact that USA Today has even posted this article shows how pervasive the problem really is, and how easily people within companies, corporate or home office/small/mid-sized businesses, are being affected, as well as home users.

Social Engineering is alive and well. And although Windows computers are mainly targeted, no operating system is entirely safe.

However, to limit the problem to simply saying that email is the problem would be a disservice to the public.

With thousands of ordinarily safe websites hacked by unethical hackers, people don’t even have to open a dangerous email to have their computers infected with malicious tools that steal passwords, install keyloggers or other malware in order to take over the computer or spew spam, or open backdoors to pretty much do whatever they want. All behind the scenes. Often going unnoticed unless the computer becomes inordinately slowed to the point that it interferes with what the legitimate user wants to do on their computer.

There is an old saying, curiosity killed the cat … for many today, curiosity killed security, thoroughly.

On the other hand, it is also wisely reported at InformIT in the article entitled “Crime, War, and B.S. in the Electronic Universe”,

Unlike Chicken Little (and plenty of people in the media), Michael Kemp doesn’t believe that the sky is falling and our electronic connections will soon evaporate under attack by terrorists, criminals, and [unethical] hackers. But he does warn of a more insidious threat: By pandering to these fears, industry professionals may drive themselves right out of business.

And later in the article,

The U.S. Patriot Act has become a stick with which to beat security researchers and invade personal privacy alike. Also in the U.S., the Digital Millennium Copyright Act (DMCA) has been employed to criminalize even legitimate reverse-engineering (thanks to supposed copyright infringement), making a criminal out of Dmitry Sklyarov, and impeding research by cryptographers and security consultants alike. And what has the security industry done about these legal trends? Thus far, not a lot.

There are always AT LEAST two sides to a coin depending on which ‘dimension’ you refer to.

Overall, I think our best intelligence would dictate that we cannot be naively clicking on anything that piques our fancy, or be too busy to think things through before clicking or opening a file from email or on a website. We need to make sure that a file in an email truly is from the person we think it’s from, not assume that person has a virus-free computer, and make sure we virus check files with the latest virus definitions before opening them. Period.

We can’t assume, rightly or wrongly, that everything on a website is benign just because the organization is a good one. We have seen in the news that we can’t blindly trust every security site, bank site, sports site, news site, kid’s site, good cause site, etc.

Sometimes we seem to get caught by malware, when we were only doing what seemed reasonable — trusting a known good site.

We need a heads up on what search results appear to be safe and which ones do not appear safe or have some problems like good and bad downloads, or popups, or massive emails sent after visiting a particular site.

There are some really good security tools out there for many of the problems that we might come up against. They may not all be free, but they are available.

Fear is never a good thing. F.U.D. (Fear, Uncertainty, Doubt) is a big enemy to thinking individuals, communities and governments.

1984. Max Headroom. Brave New World. Time Machine. I Robot.

Why these books? I personally believe there is an element of truth in all science fiction. Maybe not as written, but the concepts upon which they are written.

1984. For those who have not read it, this is a rather sick and twisted version of a future no one wants to be a part of. It is a cult classic, a science fiction tale of extrapolation of the worst possible scenario that could happen. At least in my humble opinion. I enjoyed reading it as I have many other great pieces of literature. It was masterfully written, enveloping, and although I don’t believe we will live to see this happen, I do see some inklings of things that niggle.

Regardless of how folks feel about the book itself, there are some amazing quotes from George Orwell’s 1984 that we all should be aware of.

The mantra of INGSOC presented by the “Ministry of Truth”:

WAR IS PEACE
FREEDOM IS SLAVERY
IGNORANCE IS STRENGTH

Two particularly interesting paragraphs at the beginning of the book speak about the signs everywhere with the black-mustachio’d face gazing right into your eyes from everywhere, with the words, “BIG BROTHER IS WATCHING YOU” as a caption. He also indicated the police patrolled in helicopters peering in homes, but they didn’t matter, it was only the “Thought Police” that mattered.

Winston, the main character, was trying to remain, what he considered to be sane in the midst of insanity around him where truth was lies, and lies were truth, and truth was only what they were told it was.

He began to write his thoughts down in a hidden book, hidden, at least he thought it was hidden, from the “Thought Police.”

There were televisions in each home, but these televisions were two-way – receivers and transmitters of both audio and video – and you never knew when they would be ‘tuned’ into your particular television. Something that would be unnerving to anyone.

His first words in his journal were the date April 4th, 1984 and after some thoughts, he began to madly write thoughts down. Then, after some ‘normal’ everyday things happened, including strange mind control rallies where everyone was ‘encouraged’ to take part, Winston sat in his little ‘apartment’, realizing that “only the ‘Thought Police’ would read what he wrote before they wiped it out of existence and out of memory. He wondered how you could appeal to the future when not a trace of you, not even an anonymous word scribbled on a piece of paper, could physically survive.” He began writing again,

To the future or to the past, to a time when thought is free, when men are different from one another and do not live alone–to a time when truth exists and what is done cannot be undone:
From the age of uniformity, from the age of solitude, from the age of Big Brother, from the age of doublethink–greetings!

After some rather morbid contemplation, he wrote again:

Thoughtcrime does not entail death: thoughtcrime was death.

He knew first hand how someone could be wiped out; his job was part of the process of rewriting history to reflect the current needs of ‘the Party.’

It is really a very sad story of a man, driven quite mad by the insane life forced upon him and the insane thinking forced upon him by the ‘Party.’

There was no freedom, no true living, no hope.

One final thought from the book, toward the end of the book in one interview with O’Brien, who apparently is trying to convince Winston of the ‘Party’ truth…

O’Brien was looking down at him speculatively. More than ever he had the air of a teacher taking pains with a wayward but promising child.

‘There is a Party slogan dealing with the control of the past,’ he said. ‘Repeat it, if you please.’

‘“Who controls the past controls the future: who controls the present controls the past,”’ repeated Winston obediently.

‘“Who controls the present controls the past,”’ said O’Brien, nodding his head with slow approval. ‘Is it your opinion, Winston, that the past has real existence?’

Again the feeling of helplessness descended upon Winston. His eyes flitted towards the dial. He not only did not know whether ‘yes’ or ‘no’ was the answer that would save him from pain; he did not even know which answer he believed to be the true one.

O’Brien smiled faintly. ‘You are no metaphysician, Winston,’ he said. ‘Until this moment you had never considered what is meant by existence. I will put it more precisely. Does the past exist concretely, in space? Is there somewhere or other a place, a world of solid objects, where the past is still happening?’

‘No.’

‘Then where does the past exist, if at all?’

‘In records. It is written down.’

‘In records. And—-?’

‘In the mind. In human memories.’

‘In memory. Very well, then. We, the Party, control all records, and we control all memories. Then we control the past, do we not?’

In our current world of ‘political correctness’, and the wishing to do away with a past that might bother some folks, where wonderful technologies are being created, and used by, or made use of by, massive companies who in turn make use of agencies to control them, and by association, those who make use of them – Well, that could make something ‘like’ these scifi scenarios, like 1984 and others, or the equally unacceptable future in the Max Headroom scifi television series, actually come to pass some day in the future…

This book along with so many other great scifi books really do have some (hopefully) twisted elements of truth in them, but they are still very interesting. Science Fiction is the mind out to play, searching for a combination of possible future science and social responses…and maybe to in some small way, foresee or forewarn.

I genuinely hope we never live to see anything like this come to pass. But it’s great fiction, and thought provoking, nonetheless.

NOTE: Originally posted: March 2005 (recreated from my original mangled blogspot.com blog)