Showing posts with label Data breach. Show all posts

Wednesday, 11 September 2019

We might soon be able to communicate telepathically

At least, that’s the gist of a new report about neural implant technology by the Royal Society, which was reviewed by The Independent. The document hypes some of the more exciting things brain-computer interfaces could make possible, but also warns that hooking brains up to computers (watching too many sci-fi movies!!) could compromise individual privacy.

“Not only thoughts, but sensory experiences, could be communicated from brain to brain,” the report reads. “Someone on holiday could beam a ‘neural postcard’ of what they are seeing, hearing or tasting into the mind of a friend back home.” A little bit of an exaggeration... Do you guys think that way?

To make sure that these neural implants of the future are used to benefit people and society, the Royal Society is calling for a government probe into the tech, The Independent reports. Otherwise, companies like Facebook and Twitter that are already working on their own systems will be able to dictate how the tech is used on their own terms.

“They could bring huge economic benefits to the UK and transform sectors like the NHS, public health and social care,” report co-chair Christofer Toumazou from Imperial College of London told The Independent. “But if developments are dictated by a handful of companies then less commercial applications could be side-lined. That is why we are calling on the government to launch a national investigation.”

READ MORE: Brain-Computer Interface Will Make People Telepathic, Scientists Say [The Independent]

Saturday, 6 April 2019

Another Facebook Data Breach confirmed today (4th April 2019) - 540 million Facebook user data points leaked by third parties

Over 540 million Facebook user data records were compromised after third-party apps and sites stored the data on unsecured servers. The huge breach comes after numerous promises by Facebook to boost security, and it may prove to be one of the most dangerous yet. Find out why.
  • Two third-party Facebook app developers – Mexico-based Cultura Colectiva and an app called At The Pool – stored a total of about 540 million Facebook user data entries on unsecured Amazon Web Services (AWS) servers.
  • The data stored by Cultura Colectiva included more than 540 million “comments, likes, reactions, account names, FB IDs and more” from Facebook users. This data may seem innocuous, but a hacker or scammer could use it to defraud thousands of users.
  • Far less data was stored by At The Pool, but their data may have been more dangerous. In addition to their names, email addresses, and other Facebook data, the data included 22,000 plaintext passwords. The researchers assume that these passwords were used for the app, not Facebook. However, anyone using the same password for their other accounts would be at high risk.
  • At The Pool’s website has apparently been defunct since 2014. It is therefore likely that the data has been left unsecured at least since then.
The cherry on top: UpGuard, the cybersecurity firm that found and reported the breach, said that even closing the breach was an ordeal. One would hope that companies would respond quickly to protect their users’ data, but this was not the case. Here’s a timeline:
  • “Our first notification email went out to Cultura Colectiva on January 10th, 2019. The second email to them went out on January 14th. To this day there has been no response.”
  • “We then notified Amazon Web Services of the situation on January 28th. AWS sent a response on February 1st informing us that the bucket’s owner was made aware of the exposure.”
  • “When February 21st rolled around and the data was still not secured, we again sent an email to Amazon Web Services.”
  • “It was not until the morning of April 3rd, 2019, after Facebook was contacted by Bloomberg for comment, that the database backup […] was finally secured.”
It took almost 3 months for Cultura Colectiva to secure its users’ data. At The Pool’s data was secured much more quickly, but this may have simply been a stroke of good fortune. Their data set was taken offline during UpGuard’s investigation and before they sent any notification emails. However, the data had already been left unsecured for about 5 years.

Wednesday, 5 December 2018

How Safe Is Online Banking on a Mobile Phone?

So, how safe is mobile banking? It all depends on how cautious and well-informed you are.

Hackers exploit weak passwords and vulnerabilities of public Wi-Fi to infect devices with malware. However, most mobile banking attacks happen through social engineering – when users are manipulated to give up their usernames and passwords to hackers, scammers and other cybercriminals.

Social engineering techniques range from phone calls, malware links, and phishing websites to more advanced (and less frequent) attacks like phony banking apps. It’s much easier to fall for a scam than you think, and the best defense against them is knowledge. Here are some tips for safe mobile banking:

1. Don’t lose your phone

The biggest security threat of your mobile phone is also its greatest asset – its size. Phones are small, handy, beautiful, and easy to lose.

Losing a phone is as heartbreaking as losing a part of yourself, but it gets even worse. If someone who found or stole your phone uses it to access your bank account, you could lose much more.

A strong password (made of a random string of lowercase and uppercase letters, numbers, and symbols, at least six characters long) is the most secure way to lock your phone.

If you are afraid of forgetting the password, use a PIN key (something more difficult and unique than 1111) or a pattern lock with biometric identification, which can be:
  • Facial recognition – convenient but not secure, since it can sometimes be bypassed with a photograph.
  • Iris scanning – the pattern of your iris is unique and can’t be replicated with a simple photo.
  • Fingerprints – low false-acceptance rates, perfect if you don’t often wear gloves.
Iris scanning or fingerprint identification with a strong PIN will grant you easy and secure access to your phone.

Never leave your phone unattended. Install an anti-theft and recovery app that can locate your phone, lock it remotely, or even wipe your data if it gets stolen.

As a final layer of security, always log out from your banking app after you finish your operations.

2. Use the official banking app, not the browser

The second biggest security threat concerns the banking app. If you aren’t careful, you could download a fake banking app created by scammers to break into your account.

Make sure your bank created or approves of the app you are downloading. Get it from their website. Moreover, do not use mobile browsers to log in to your bank account – they are less secure than bank-sanctioned apps.

Finally, before downloading any app to your phone, you should research the developer, read the reviews, and check the app rating on Google Play or the App Store. Poorly designed or malicious third-party apps could use your username and password to access your bank account and empty or monitor it.

3. Don’t just follow any link you see

You pick up your phone, open up the email app, and notice that your bank sent you an announcement about a new service. The letter ends, “You can save up to a thousand dollars per year! For more details, follow this link.” You click it, go to the landing page, log in, but some error occurs, and you are disconnected from the website.

You just gave your username and password to a scammer.

The email you got was not from your bank, but from scammers pretending to be your bank. You would have noticed it had you checked the sender details more carefully. The landing page was actually a clone made to look like your bank’s website. When you entered your password, you handed your data straight to cybercriminals.

Always check the URL and domain of any link you are about to click on, especially if it claims to be from your bank. If it looks suspicious – avoid it. The same applies to SMS messages or messages and links on social media.

Never send your username or password via email, social media or text message. If you did – change the password immediately.
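
The link check described in this tip, written out as an added Python example (not part of the original post). It compares the link's real host with the domain the bank actually uses and catches the usual disguises: the bank's name used as a prefix of another domain, text before an `@`, plain HTTP, and lookalike internationalised hosts. `examplebank.com` and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the domain your bank really uses (placeholder, not a real bank).
TRUSTED_DOMAINS = {"examplebank.com"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a link that claims to come from the bank."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' hides the real host"
    if not host:
        return False, "no host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host, possible lookalike"
    for domain in trusted:
        # Exact match or a true subdomain; a bare suffix match is not enough.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is not the bank's domain"


# Constructed sample links, as they might appear in an email or SMS.
SAMPLES = [
    "https://www.examplebank.com/offers",
    "https://examplebank.com.secure-login.example/offers",
    "https://examplebank.com@203.0.113.7/login",
    "http://www.examplebank.com/login",
    "https://xn--exmplebank-x9a.com/login",
    "https://notexamplebank.com/login",
]


def review(samples=SAMPLES):
    """Check every sample link and return (url, ok, reason) tuples."""
    return [(url, *check_link(url)) for url in samples]


if __name__ == "__main__":
    for url, ok, reason in review():
        print("OK  " if ok else "STOP", url, "-", reason)
```

Only the first sample passes; every other link carries the bank's name somewhere in the URL but resolves to a host the bank does not control or arrives over an unprotected connection.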

4. Don’t use mobile banking on public Wi-Fi

Anyone on a public Wi-Fi network is in danger of a security breach. Most of these networks lack basic security measures and have poor router configurations and weak passwords. Mobile banking or any other activity that exposes your sensitive data should never be done on public Wi-Fi.

If a hacker is monitoring the public Wi-Fi or hotspot you are using, they could intercept the data being transferred to and from your phone and use it to access your banking account.

If you are scrolling in a library or a coffee shop and you need to access your bank account, use your cellular network instead. It’s not perfect, but it’s better than public Wi-Fi. Better yet, turn on a VPN and use public Wi-Fi without the risk of compromising your personal data. A VPN encrypts your web traffic, making it extraordinarily difficult to intercept and decipher.

Is Mobile Banking Safe on Android?

Since the Android platform allows its users more flexibility, it also leaves more security holes than iOS systems. Minimize your risks by downloading apps only from Google Play and updating them in a timely manner.

Go to your Android settings and make sure that you have turned on Google Play Protect, which scans your apps for suspicious behavior. You can also use the Find My Device setting, which lets you find, ring, lock, or even wipe your device from afar.

Go through the apps you’ve downloaded and installed on your phone and delete the ones you do not need or use – each represents an unnecessary potential vulnerability. Old apps may also be poorly supported or have security holes or malware. A clean and tidy Android system is likely to be a secure one.

Is Mobile Banking Safe on iPhone?

Banking apps on iOS tend to be secure thanks to the rigorous standards of the App Store. The most vulnerable iOS systems are those that have been jailbroken.

Jailbreaking means cracking the standard settings of an iOS system so that you can modify your phone in ways that Apple does not allow. With a jailbroken phone, you can install apps not authorized by Apple, and you can also remove the security protocols that Apple has built into the device. Jailbreaking also voids the warranty, so you won’t get support from Apple when you might need it most.

If you are just a regular iOS user, you should never jailbreak your iPhone. Only use apps from the App Store, which are usually safe. Malware may bypass Apple’s defenses once in a while, so you should always be careful, but those defenses certainly catch many potential threats.

Final Thoughts

Is it safe to use mobile banking apps? Yes. Download the official banking app, update it constantly, use a VPN on public Wi-Fi, and keep your phone close by!

However, that doesn’t make you completely safe from scams, malware attacks, and hacking. Your common sense is the last line of defense. A victim of mobile banking breaches will usually be someone who does not take their security seriously.

Thursday, 11 January 2018

Does Google keep your life private?

Did you know that when you search on Google, they keep your search history forever? That means they know every search you’ve ever done on Google. That alone is pretty scary, but it’s just the shallow end of the very deep pool of data that they try to collect on people.
What most people don’t realize is that even if you don’t use any Google products directly, they’re still trying to track as much as they can about you. Google trackers have been found on 75% of the top million websites. This means they're also trying to track most everywhere you go on the internet, trying to slurp up your browsing history!
Most people also don’t know that Google runs most of the ads you see across the internet and in apps – you know those ones that follow you around everywhere? Yup, that’s Google, too. They aren’t really a search company anymore – they’re a tracking company. They are tracking as much as they can for these annoying and intrusive ads, including recording every time you see them, where you saw them, if you clicked on them, etc.
But even that’s not all…

If You Use Google Products

If you do use Google products, they try to track even more. In addition to tracking everything you’ve ever searched for on Google (e.g. “weird rash”), Google also tracks every video you’ve ever watched on YouTube. Many people actually don’t know that Google owns YouTube; now you know.
And if you use Android (yeah, Google owns that too), then Google is also usually tracking:
If you use Gmail, they of course also have all your e-mail messages. If you use Google Calendar, they know all your schedule. There’s a pattern here: For all Google products (Hangouts, Music, Drive, etc.), you can expect the same level of tracking: that is, pretty much anything they can track, they will.
Oh, and if you use Google Home, they also store a live recording of every command you (or anyone else) have ever said to your device! Yes, you heard that right (err… they heard it) – you can check out all the recordings on your Google activity page.
Essentially, if you allow them to, they’ll track pretty close to, well, everything you do on the Internet. In fact, even if you tell them to stop tracking you, Google has been known to not really listen, for example with location history.

You Become the Product

Why does Google want all of your information anyway? Simple: as stated, Google isn’t a search company anymore, they’re a tracking company. All of these data points allow Google to build a pretty robust profile about you. By keeping such close tabs on everything you do, they may, at least in some ways, know you better than you know yourself.
And Google uses your personal profile to sell ads, not only on their search engine, but also on over three million other websites and apps. Every time you visit one of these sites or apps, Google is following you around with hyper-targeted ads.
It’s exploitative. By allowing Google to collect all this info, you are allowing hundreds of thousands of advertisers to bid on serving you ads based on your sensitive personal data. Everyone involved is profiting from your information, except you. You are the product.

The Myth of “Nothing to Hide”

Some may argue that they have “nothing to hide,” so they are not concerned with the amount of information Google has collected and stored on them, but that argument is fundamentally flawed for many reasons.
Everyone has information they want to keep private: Do you close the door when you go to the bathroom? Privacy is about control over your personal information. You don’t want it in the hands of everyone, and certainly don’t want people profiting on it without your consent or participation.
In addition, privacy is essential to democratic institutions like voting and everyday situations such as getting medical care and performing financial transactions. Without it, there can be significant harms.
On an individual level, lack of privacy leads to putting you into a filter bubble, getting manipulated by ads, discrimination, fraud, and identity theft. On a societal level, it can lead to deepened polarisation and societal manipulation like we’ve unfortunately been seeing multiply in recent years.