Timesdelhi.com

September 24, 2018
Category archive

privacy

Seven reasons not to trust Facebook to play cupid

This week Facebook has launched a major new product play, slotting an algorithmic dating service inside its walled garden as if that’s perfectly normal behavior for an ageing social network.

Insert your [dad dancing GIF of choice] right here.

Facebook getting into dating looks very much like a mid-life crisis — as a veteran social network desperately seeks a new strategy to stay relevant in an age when app users have largely moved on from social network ‘lifecasting’ to more bounded forms of sharing, via private messaging and/or friend groups inside dedicated messaging and sharing apps.

The erstwhile Facebook status update has long been usurped by the Snapchat (and now Instagram) Story as the social currency of choice for younger app users. Of course Facebook owns the latter product too, and has mercilessly cloned Stories. But it hardly wants its flagship service to just fade away into the background like the old fart it actually is in Internet age terms.

Not if it can reinvigorate the product with a new purpose — and so we arrive at online dating.

Facebook — or should that be ‘Datebook’ now?! — is starting its dating experiment in Colombia, as its beta market. But the company clearly has ambitious designs on becoming a major global force in the increasingly popular online dating arena — to challenge dedicated longtime players like eHarmony and OkCupid, as well as the newer breed of more specialized dating startups, such as female-led app, Bumble.

Zuckerberg is not trying to compete with online dating behemoth Tinder, though. Which Facebook dismisses as a mere ‘hook up’ app — a sub category it claims it wants nothing to do with.

Rather it’s hoping to build something more along the lines of ‘get together with friends of your friends who’re also into soap carving/competitive dog grooming/extreme ironing’ than, for e.g., the raw spank in the face shock of ‘Bang with Friends’. (The latter being the experimental startup which tried, some six years ago, to combine Facebook and sex — before eventually exiting to a Singapore-based dating app player, Paktor, never to be heard of again. Or, well, not until Facebook decided to get into the dating game and reminded us all how we lol’d about it.)

Mark Zuckerberg’s company doesn’t want to get into anything smutty, though. Oh no, no, NO! No sex please, we’re Facebook!

Facebook Dating has been carefully positioned to avoid sounding like a sex app. It’s being flogged as a tasteful take on the online dating game, with — for instance — the app explicitly architected not to push existing friends together via suggestive matching (though you’ll just have to hope you don’t end up being algorithmically paired with any exes, which judging by Facebook’s penchant for showing users ‘photo memories’ of past stuff with exes may not pan out so well… ). And no ability to swap photo messages with mutual matches in case, well, something pornographic were to pass through.

Facebook is famously no fan of nudes. Unsurprisingly, then, nor is its buttoned up dating app. Only ‘good, old-fashioned wholesome’ text-based chat-up lines (related to ‘good clean pieces of Facebook content’) here please.

If you feel moved to text an up-front marriage proposal — feeling 100% confident in Facebook’s data scientists’ prowess in reading the social media tea leaves and plucking your future life partner out of the mix — its algorithms will probably smile on that though.

The company’s line is that dating will help fulfil its new mission of encouraging ‘time well spent’ — by helping people forge more meaningful (new) relationships thanks to the power of its network (and the data it sucks out of it).

This mission is certainly an upgrade on Facebook’s earlier and baser interest in just trying to connect every human on planet Earth to every other human on planet Earth in some kind of mass data-swinging orgy — regardless of the ethical and/or moral consequences (as Boz memorably penned it), as if it was trying to channel the horror-loving spirit of Pasolini’s Salò. Or, well, a human centipede.

But that was then. These days, in its mid teens, Facebook wants to be seen as grown up and a bit worthy. So its take on dating looks a lot more ‘marriage material’ than ‘casual encounters’. Though, well, products don’t always pan out how their makers intend. So it might need to screw its courage to the sticking place and hope things don’t go south.

From the user perspective, there’s a whole other side here too though. Because given how much baggage inevitably comes with Facebook nowadays, the really burning question is whether any sensible person should be letting Mark Zuckerberg fire cupid’s arrows on their behalf?

He famously couldn’t tell malicious Kremlin propaganda from business as usual social networking like latte photos and baby pics — so what makes you think he’s going to be attuned to the subtle nuances of human chemistry?!

Here are just a few reasons why we think you should stay as far away from Facebook’s dalliance with dating as you possibly can…

  1. It’s yet another cynical data grab
    Facebook’s ad-targeting business model relies on continuous people tracking to function — which means it needs your data to exist. Simply put: Your privacy is Facebook’s lifeblood. Dating is therefore just a convenient veneer to slap atop another major data grab as Facebook tries to find less icky ways to worm its way back and/or deeper into people’s lives. Connecting singles to nurture ‘meaningful relationships’ is the marketing gloss being slicked over its latest invitation to ask people to forget how much private information they’re handing it. Worse still, dating means Facebook is asking people to share even more intimate and personal information than they might otherwise willingly divulge — again with a company whose business model relies upon tracking everything everyone does, on or offline, within its walled garden or outside it on the wider web, and whether they’re a Facebook user or not.
    This also comes at a time when users of Facebook’s eponymous social network have been showing signs of Facebook fatigue, and even changing how they use the service after a string of major privacy scandals. So Facebook doing dating also looks intended to function as a fresh distraction — to try to draw attention away from its detractors and prevent any more scales falling away from users’ eyes. The company wants to paper over growing scepticism about ad-targeting business models with algorithmic heart-shaped promises.
    Yet the real underlying passion here is still Facebook’s burning desire to keep minting money off of your private bits and bytes.
  2. Facebook’s history of privacy hostility shows it simply can’t be trusted
    Facebook also has a very long history of being outright hostile to privacy — including deliberately switching settings to make previously private settings public by default (regulatory intervention has been required to push back against that ratchet) — so its claim, with Dating, to be siloing data in a totally separate bucket, and also that information shared for this service won’t be used to further flesh out user profiles or to target people with ads elsewhere across its empire should be treated with extreme scepticism.
    Facebook also said WhatsApp users’ data would not be mingled and conjoined with Facebook user data — and, er, look what ended up happening there…!!
    WhatsApp to share user data with Facebook for ad targeting — here’s how to opt out

    And then there’s Facebook’s record of letting app developers liberally rip user data out of its platform — including (for years and years) ‘friend data’. Which almost sounded cosy. But Facebook’s friends data API meant that an individual Facebook user could have their data sucked out without even agreeing to a particular app’s ToS themselves. Which is part of the reason why users’ personal information has ended up all over the place — and in all sorts of unusual places. (Facebook not enforcing its own policies, and implementing features that could be systematically abused to suck out user data are among some of the many other reasons.)
    The long and short history of Facebook and privacy is that information given to it for one purpose has ended up being used for all sorts of other things — things we likely don’t even know the half of. Even Facebook itself doesn’t know, which is why it’s engaged in a major historical app audit right now. Yet this very same company now wants you to tell it intimate details about your romantic and sexual preferences? Uhhhh, hold that thought, truly.

  3. Facebook already owns the majority of online attention — why pay the company any more mind? Especially as dating singles already have amazingly diverse app choice…
    In the West there’s pretty much no escape from Facebook Inc. Not if you want to be able to use the social sharing tools your friends are using. Network effects are hugely powerful for that reason, and Facebook owns not just one popular and dominant social network but a whole clutch of them — given it also bought Instagram and WhatsApp (plus some others it bought and just closed, shutting down those alternative options). But online dating, as it currently is, offers a welcome respite from Facebook.
    It’s arguably also no accident that the Facebook-less zone is so very richly served with startups and services catering to all sorts of types and tastes. There are dating apps for black singles; matchmaking services for Muslims; several for Jewish people; plenty of Christian dating apps; at least one dating service to match ex-pat Asians; another for Chinese-Americans; queer dating apps for women; gay dating apps for men (and of course gay hook up apps too), to name just a few; there’s dating apps that offer games to generate matches; apps that rely on serendipity and location to rub strangers together via missed connections; apps that let you try live video chats with potential matches; and of course no shortage of algorithmic matching dating apps. No singles are lonely for dating apps to try, that’s for sure.
    So why on earth should humanity cede this very rich, fertile and creative ‘stranger interaction’ space, which caters to singles of all stripes and fancies, to a social network behemoth — just so Facebook can expand its existing monopoly on people’s attention?
    Why shrink the luxury of choice to give Facebook’s business extra uplift? If Facebook Dating became popular it would inexorably pull attention away from alternatives — perhaps driving consolidation among a myriad of smaller dating players, forcing some to band together to try to achieve greater scale and survive the arrival of the 800lb Facebook gorilla. Some services might feel they have to become a bit less specialized, pushed by market forces to go after a more generic (and thus larger) pool of singles. Others might find they just can’t get enough niche users anymore to self-sustain. The loss of the rich choice in dating apps singles currently enjoy would be a crying shame indeed. Which is as good a reason as any to snub Facebook’s overtures here.
  4. Algorithmic dating is both empty promise and cynical attempt to humanize Facebook surveillance
    Facebook typically counters the charge that because it tracks people to target them with ads it’s in the surveillance business by claiming people tracking benefits humanity because it can serve you “relevant ads”. Of course that’s a paper thin argument since all display advertising is something no one has chosen to see and therefore is necessarily a distraction from whatever a person was actually engaged with. It’s also an argument that’s come under increasing strain in recent times, given all the major scandals attached to Facebook’s ad platform, whether that’s to do with socially divisive Facebook ads, or malicious political propaganda spread via Facebook, or targeted Facebook ads that discriminate against protected groups, or Facebook ads that are actually just spreading scams. Safe to say, the list of problems attached to its ad targeting enterprise is long and keeps growing.
    But Facebook’s follow on claim now, with Dating and the data it intends to hold on people for this matchmaking purpose, is it has the algorithmic expertise to turn a creepy habit of tracking everything everyone does into a formula for locating love.
    So now it’s not just got “relevant” ads to sell you; it’s claiming Facebook surveillance is the special sauce to find your Significant Other!

    Frankly, this is beyond insidious. (It is also literally a Black Mirror episode — and that’s supposed to be dysfunctional sci-fi.) Facebook is moving into dating because it needs a new way to package and sell its unpleasant practice of people surveillance. It’s hoping to move beyond its attempt at normalizing its business line (i.e. that surveillance is necessary to show ads that people might be marginally more likely to click on) — which has become increasingly problematic as its ad platform has been shown to be causing all sorts of knock-on societal problems — by implying that by letting Facebook creep on you 24/7 it could secure your future happiness because its algorithms are working to track down your perfect other half — among all those 1s and 0s it’s continuously manhandling.
    Of course this is total bunkum. There’s no algorithmic formula to determine what makes one person click with another (or not). If there was humans would have figured it out long, long ago — and monetized it mercilessly. (And run into all sorts of horrible ethical problems along the way.)
    Thing is, people aren’t math. Humans cannot be made to neatly sum to the total of their collective parts and interests. Which is why life is a lot more interesting than the stuff you see on Facebook. And also why there’s a near infinite number of dating apps out there, catering to all sorts of people and predilections.
    Sadly Facebook can’t see that. Or rather it can’t admit it. And so we get nonsense notions of ‘expert’ algorithmic matchmaking and ‘data science’ as the underpinning justification for yet another dating app launch. Sorry but that’s all just marketing.
    The idea that Facebook’s data scientists are going to turn out to be bullseye hitting cupids is as preposterous as it is ridiculous. Like any matchmaking service there will be combinations thrown up that work and plenty more that do not. But if the price of a random result is ceaseless surveillance the service has a disproportionate cost attached to it — making it both an unfair and an unattractive exchange for the user. And once again people are being encouraged to give up far more than they’re getting in return.
    If you believe that finding ‘the one’ will be easier if you focus on people with similar interests to you or who are in the same friend group there’s no shortage of existing ‘life avenues’ you can pursue without having to resort to Facebook Dating. (Try joining a club. Or going to your friends’ parties. Or indeed taking your pick from the scores of existing dating apps that already offer interest-based matching.)
    Equally you could just take a hike up a mountain and meet your future wife at the top (as one couple I know did). Safe to say, there’s no formula to love. And thankfully so. Don’t believe anyone trying to sell you a dating service with the claim their nerdtastic data scientists will hook you up good and proper.
    Facebook’s chance of working any ‘love magic’ will be as good/poor as the next app-based matchmaking service. Which is to say it will be random. There’s certainly no formula to be distilled beyond connecting ‘available to date’ singles — which dating apps and websites have been doing very well for years and years and years. No Facebook dates necessary.
    The company has little more to offer the world of online dating than, say, OkCupid, which has scale and already combines the location and stated interests of its users in an attempt to throw up possible clicks. The only extra bit is Facebook’s quasi-bundling of Events into dating, as a potential avenue to try and date in a marginally more informal setting than agreeing to go on an actual date. Though, really, it just sounds like it might be more awkward to organize and pull off.
    Facebook’s generic approach to dating is also going to offer much less for certain singles who benefit from a more specialized and tailored service (such as a female-focused player like Bumble which has created a service to cater to women’s needs; or, indeed, any of the aforementioned community focused offerings cited above which help people meet other likeminded singles).
    Facebook appears to believe that size matters in dating. And seems to want to be a generic giant in a market that’s already richly catering to all sorts of different communities. For many singles that catch-all approach is going to earn it a very hard left swipe.
  5. Dating takes resource and focus away from problems Facebook should actually be fixing
    Facebook’s founder made ‘fixing Facebook’ his personal priority this year. Which underlines quite how many issues the company has smashing through its plate. We’re not talking little bug fixes. Facebook has a huge bunch of existentially awful hellholes burning through its platform and punching various human rights in the process. This is not at all trivial. Some really terrible stuff has been going on with its platforms acting as the conduit.
    Earlier this year, for instance, the UN blasted Facebook saying its platform had become a “beast” in Myanmar — weaponized and used to accelerate ethnic violence against the Rohingya Muslim minority.
    Facebook has admitted it did not have enough local resource to stop its software being used to amplify ethnic hate and violence in the market. Massacres of Rohingya refugees have been described by human rights organizations as a genocide.
    And it’s not an isolated instance. In the Philippines the country has recently been plunged into a major human rights crisis — and the government there, which used Facebook to help get elected, has also been using Facebook to savage its critics at the same time as carrying out thousands of urban killings in a bloody so-called ‘war on drugs’.
    In India, Facebook’s WhatsApp messaging app has been identified as a contributing factor in multiple instances of mob violence and killings — as people have been whipped up by lies spread like lightning via the app.
    Set against such awful problems — where Facebook’s products are at very least not helping — we now see the company ploughing resource into expanding into a new business area, and expending engineering resource to build a whole new interface and messaging system (the latter to ensure Facebook Dating users can only swap texts, and can’t send photos or videos because that might be a dick pic risk).
    So it’s a genuine crying shame that Facebook did not pay so much close attention to goings on in Myanmar — where local organizations have long been calling for intelligent limits to be built in to its products to help stop abusive misuse.
    Yet Facebook only added the option to report conversations in its Messenger app this May.
    So the sight of the company expending major effort to launch a dating product at the same time as it stands accused of failing to do enough to prevent its products from being conduits for human rights abuses in multiple markets is ethically uncomfortable, to say the least.
    Prospective users of Facebook Dating might therefore feel a bit queasy to think that their passing fancies have been prioritized by Zuckerberg & co over and above adding stronger safeguards and guardrails to the various platforms they operate to try to safeguard humans from actual death in other corners of the globe.
  6. By getting involved with dating, Facebook is mixing separate social streams
    Talking of feeling queasy, with Facebook Dating the company is attempting to pull off a tricky balancing act of convincing existing users (many of whom will already be married and/or in a long term relationship) that it’s somehow totally normal to just bolt on a dating layer to something that’s supposed to be a generic social network.
    All of a sudden a space that’s always been sold — and traded — as a platonic place for people to forge ‘friendships’ is suddenly having sexual opportunity injected into it. Sure, the company is trying to keep these differently oriented desires entirely separate, by making the Dating component an opt-in feature that lurks within Facebook (and where (it says) any activity is siloed and kept off of mainstream Facebook (at least that’s the claim)). But the very existence of Facebook Dating means anyone in a relationship who is already on Facebook is now, on one level, involved with a dating app company.
    Facebook users may also feel they’re being dangled the opportunity to sign up to online dating on the sly — with the company then committing itself to being the secret-keeping go-between ferrying any flirtatious messages they care to send in a way that would be difficult for their spouse to know about, whether they’re on Facebook or not.
    How comfortable is Facebook going to be with being a potential aid to adultery? I guess we’ll have to wait and see how that pans out. As noted above, Facebook execs have — in the past — suggested the company is in the business of ‘connecting people, period’. So there’s perhaps a certain twisted logic working away as an undercurrent and driving its impulse to push for ever more human connections. But the company could be at risk of applying its famous “it’s complicated” relationship status to itself with the dating launch — and then raining complicated consequences down upon its users as a result. (As, well, it so often seems to do in the name of expanding its own business.)
    So instead of ‘don’t mix the streams’, with dating we’re seeing Facebook trying to get away with running entirely opposite types of social interactions in close parallel. What could possibly go wrong?! Or rather what’s to stop someone in the ‘separate’ Facebook dating pool trying to Facebook-stalk a single they come across there who doesn’t respond to their overtures? (Given Facebook dating users are badged with their real Facebook names there could easily be user attempts to ‘cross over’.)
    And if sentiments from one siloed service spill over into mainstream Facebook things could get very messy indeed — and users could end up being doubly repelled by its service rather than additionally compelled. The risk is Facebook ends up fouling not feathering its own nest by trying to combine dating and social networking. (This less polite phrase also springs to mind.)
  7. Who are you hoping to date anyway?!
    Outside emerging markets Facebook’s growth has stalled. Even social networking’s later stage middle age boom looks tapped out. At the same time today’s teens are not at all hot for Facebook. The youngest web users are more interested in visually engaging social apps. And the company will have its work cut out trying to lure this trend-sensitive youth crowd. Facebook dating will probably sound like a bad joke — or a dad joke — to these kids.
    Going up the age range a bit, the under ~35s are hardly enamoured with Facebook either. They may still have a profile but also hardly think Facebook is cool. Some will have reduced their usage or even taken a mini break. The days of this age-group using Facebook to flirt with old college classmates are as long gone as sending a joke Facebook poke. Some are deleting their Facebook account entirely — and not looking back. Is this prime dating age-group suddenly likely to fall en masse for Facebook’s love match experiment? It seems doubtful.
    And it certainly looks like no accident Facebook is debuting Dating outside the US. Emerging markets, which often have young, app-loving populations, probably represent its best chance at bagging the critical mass of singles absolutely required to make any dating product even vaguely interesting.
    But in its marketing shots for the service Facebook seems to be hoping to attract singles in the late twenties age-range — dating app users who are probably among the ficklest, trickiest people for Facebook to lure with a late-stage, catch-all and, er, cringey proposition.
    After that, who’s left? Those over 35s who are still actively on Facebook are either going to be married — and thus busy sharing their wedding/baby pics — and not in the market for dating anyway; or if they are single they may be less inclined towards getting involved with online dating vs younger users who are now well accustomed to dating apps. So again, for Facebook, it looks like diminishing returns up here.
    And of course a dating app is only as interesting and attractive as the people on it. Which might be the most challenging hurdle for Facebook to make a mark on this well-served playing field — given its eponymous network is now neither young nor cool, hip nor happening, and seems to be having more of an identity crisis with each passing year.
    Perhaps Facebook could carve out a dating niche for itself among middle-age divorcees — by offering to digitally hand-hold them and help get them back into the dating game. (Although there’s zero suggestion that’s what it’s hoping to do with the service it debuted this week.)
    If Zuckerberg really wants to bag the younger singles he seems most interested in — at least judging by Facebook Dating’s marketing — he might have been better off adding a dating stream to Instagram.
    I mean, InstaLovegram almost sounds like it could be a thing.

News Source = techcrunch.com

Surveillance camera vulnerability could allow hackers to spy on and alter recordings

In newly published research, security firm Tenable reveals how popular video surveillance camera software could be manipulated, allowing would-be attackers the ability to view, disable or otherwise manipulate video footage.

The vulnerability, which researchers fittingly dubbed “Peekaboo,” affects software created by NUUO, a surveillance system software maker with clients including hospitals, banks, and schools around the globe.

The vulnerability works via a stack buffer overflow, overwhelming the targeted software and opening the door for remote code execution. That loophole means that an attacker could remotely access and take over accounts with no authorization, even taking over networked cameras connected to the target device.

“This is particularly devastating because not only is an attacker able to control the NVR [camera] but the credentials for all the cameras connected to the NVR are stored in plaintext on disk,” Tenable writes.

Tenable provides more details on potential exploits tested with one of NUUO’s NVRMini2 devices on its GitHub page. One exploit “grabs the credentials to the cameras that are connected to the NVR, creates a hidden admin user, and disconnects any cameras that are currently connected to the NVR.” Not great.

Tenable set its disclosure to NUUO in motion on June 1. NUUO committed to a September 13 patch date to fix the issue but the date was later pushed to September 18, when anyone with affected equipment can expect to see firmware version 3.9.0.1. Organizations that might be vulnerable can use a plugin from the researchers to determine if they’re at risk or contact the manufacturer directly. TechCrunch reached out to NUUO about its plans to push a patch and notify affected users.

What makes matters worse with this vulnerability is that NUUO actually licenses its software out to at least 100 other brands and 2,500 camera models. Tenable estimates that the vulnerability could put hundreds of thousands of networked surveillance cameras at risk around the world, and many of the groups that operate those devices might have no idea that the risk is even relevant to the systems they rely on.

News Source = techcrunch.com

Five security settings in iOS 12 you should change right now

iOS 12, Apple’s latest mobile software for iPhone and iPad, is finally out. The new software packs in a bunch of new security and privacy features you’ve probably already heard about.

Here’s what you need to do to take advantage of the new settings and lock down your device.

1. Turn on USB Restricted Mode to make hacking more difficult

This difficult-to-find new feature prevents any accessories from connecting to your device — like USB cables and headphones — when your iPhone or iPad has been locked for more than an hour. That prevents police and hackers alike from using tools to bypass your lock screen passcode and get your data.

Go to Settings > Touch ID & Passcode and type in your passcode. Then, scroll down and ensure that USB Accessories are not permitted on the lock screen, so make sure the setting is Off.

2. Make sure automatic iOS updates are turned on

Every time your iPhone or iPad updates, it comes with a slew of security patches to prevent crashes or data theft. Yet, how often do you update your phone? Most don’t bother unless it’s a major update. Now, iOS 12 will update your device behind the scenes, saving you downtime. Just make sure you switch it on.

Go to Settings > General > Software Update and turn on automatic updates.

3. Set a stronger device passcode

iOS has gotten better in recent years with passcodes. For years, it was a four-digit code by default, and now it’s six-digits. That makes it far more difficult to run through every combination — known as brute-forcing.

But did you know that you can set a number-only code of any length? Eight-digits, twelve — even more — and it keeps the number keypad on the lock screen so you don’t have to fiddle around with the keyboard.

Go to Settings > Touch ID & Passcode and enter your passcode. Then, go to Change password and, from the options, set a Custom Numeric Code.

4. Now, switch on two-factor authentication

Two-factor is one of the best ways to keep your account safe. If someone steals your password, they still need your phone to break into your account. For years, two-factor has been cumbersome and annoying. Now, iOS 12 has a new feature that auto-fills the code, so it takes the frustration step out of the equation — so you have no excuse.

You may be asked to switch on two-factor when you set up your phone. You can also go to Settings and tap your name, then go to Password & Security. Just tap Turn on Two-Factor Authentication and follow the prompts.

5. While you’re here… change your reused passwords

iOS 12’s password manager has a new feature: password auditing. If it finds you’ve used the same password on multiple sites, it will warn you and advise you to change those passwords. It prevents password reuse attacks (known as “credential stuffing”) that hackers use to break into multiple sites and services using the same username and password.

Go to Settings > Passwords & Accounts > Website & App Passwords and enter your passcode. You’ll see a small warning symbol next to each account that recognizes a reused password. One tap of the Change Password on Website button and you’re done.

News Source = techcrunch.com

Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data

Most modern computers, even devices with disk encryption, are vulnerable to a new attack that can steal sensitive data in a matter of minutes, new research says.

In new findings published Wednesday, F-Secure said that, in every laptop it tested, none of the existing firmware security measures “does a good enough job” of preventing data theft.

F-Secure principal security consultant Olle Segerdahl told TechCrunch that the vulnerabilities put “nearly all” laptops and desktops — both Windows and Mac users — at risk.

The new exploit is built on the foundations of a traditional cold boot attack, which hackers have long used to steal data from a shut-down computer. Modern computers overwrite their memory when a device is powered down, scrambling the data so it cannot be read. But Segerdahl and his colleague Pasi Saarinen found a way to disable the overwriting process, making a cold boot attack possible again.

“It takes some extra steps,” said Segerdahl, but the flaw is “easy to exploit.” So much so, he said, that it would “very much surprise” him if this technique isn’t already known by some hacker groups.

“We are convinced that anybody tasked with stealing data off laptops would have already come to the same conclusions as us,” he said.

It’s no secret that if you have physical access to a computer, the chances of someone stealing your data are usually greater. That’s why so many use disk encryption — like BitLocker for Windows and FileVault for Macs — to scramble and protect data when a device is turned off.

But the researchers found that in nearly all cases they can still steal data protected by BitLocker and FileVault regardless.

After the researchers figured out how the memory overwriting process works, they said it took just a few hours to build a proof-of-concept tool that prevented the firmware from clearing secrets from memory. From there, the researchers scanned for disk encryption keys, which, when obtained, could be used to mount the protected volume.

It’s not just disk encryption keys at risk, Segerdahl said. A successful attacker can steal “anything that happens to be in memory,” like passwords and corporate network credentials, which can lead to a deeper compromise.

Their findings were shared with Microsoft, Apple, and Intel prior to release. According to the researchers, only a smattering of devices aren’t affected by the attack. Microsoft said in a recently updated article on BitLocker countermeasures that using a startup PIN can mitigate cold boot attacks, but Windows users with “Home” licenses are out of luck. And any Apple Mac equipped with a T2 chip is not affected, but a firmware password would still improve protection.

Both Microsoft and Apple downplayed the risk.

Acknowledging that an attacker needs physical access to a device, Microsoft said it encourages customers to “practice good security habits, including preventing unauthorized physical access to their device.” Apple said it was looking into measures to protect Macs that don’t come with the T2 chip.

When reached, Intel would not comment on the record.

In any case, the researchers say, there’s not much hope that affected computer makers can fix their fleet of existing devices.

“Unfortunately, there is nothing Microsoft can do, since we are using flaws in PC hardware vendors’ firmware,” said Segerdahl. “Intel can only do so much, their position in the ecosystem is providing a reference platform for the vendors to extend and build their new models on.”

Companies, and users, are “on their own,” said Segerdahl.

“Planning for these events is a better practice than assuming devices cannot be physically compromised by hackers because that’s obviously not the case,” he said.

News Source = techcrunch.com

The best security and privacy features in iOS 12 and macOS Mojave


September is Apple hardware season, where we expect new iPhones, a new Apple Watch and more. But what makes the good stuff run is the software within.

First revealed earlier this year at the company’s annual WWDC developer event in June, iOS 12 and macOS Mojave focus on a running theme: security and privacy for the masses.

Ahead of Wednesday’s big reveal, here’s all the good stuff to look out for.

macOS Mojave

macOS Mojave will be the sixth iteration of the Mac operating system, named after a location in California where Apple is based. It comes with dark mode, file stacks, and group FaceTime calls.

Safari now prevents browser fingerprinting and cross-site tracking

What does it do? Safari will use a new “intelligent tracking prevention” feature to prevent advertisers from following you from site to site. Even social networks like Facebook know which sites you visit because so many embed Facebook’s tools — like the comments section or the “Like” button.

Why does it matter? Tracking prevention will prevent ad firms from building a unique “fingerprint” of your browser, making it difficult to serve you targeted ads — even when you’re in incognito mode or private browsing. That’s an automatic boost for personal privacy as these companies will find it more difficult to build up profiles on you.

Camera, microphone, backups now require permission

What does it do? Just like when an app asks you for access to your contacts and calendar, now Mojave will ask for permission before an app can access your FaceTime camera and microphone, as well as location data, backups and more.

Why does it matter? By expanding this feature, it’s much more difficult for apps to switch on your camera without warning or record from your microphone without you noticing. That’s going to prevent surreptitious ultrasonic ad tracking and surveillance by malware that hijacks your camera. But also asking permission for access to your backups — often unencrypted — will prevent malware or hackers from quietly stealing your data.

iOS 12

iOS 12 lands on more recent iPhones and iPads, but will bring significant performance boosts to older supported devices, new Maps, smarter notifications and updated ARKit.

Password manager will warn of password reuse

What does it do? iOS 12’s in-built password manager, which stores all your passwords for easy access, will now tell you if you’re using the same password across different sites and apps.

Why does it matter? Password reuse is a real problem. If you use the same password on every site, it only takes one site breach to grab your password for every other site you use. iOS 12 will let you know if you’re using a weak password or the same password on different sites. Your passwords are easily accessible with your fingerprint or your passcode.
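The reuse check described above, sketched as an added example that is not code from the article or from Apple: it groups a vault export by a keyed digest of each password and reports passwords shared across different sites. The vault entries, the field names and the two-label `site_of` rule are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample vault export (hypothetical sites and passwords).
SAMPLE_VAULT = [
    {"url": "https://www.shop.example/login", "user": "ana", "password": "Tr0ub4dor&3"},
    {"url": "https://accounts.shop.example/", "user": "ana", "password": "Tr0ub4dor&3"},
    {"url": "https://mail.example.net/", "user": "ana@example.net", "password": "Tr0ub4dor&3"},
    {"url": "https://bank.example.org/", "user": "ana", "password": "x9!Lq-72-vG-plum"},
    {"url": "https://forum.example.com/", "user": "ana", "password": "correct horse"},
    {"url": "https://news.example.io/", "user": "ana", "password": "correct horse"},
]


def site_of(url):
    """Reduce a URL to a site name so two logins on one site are not 'reuse'.

    Simplification (assumption): keep the last two host labels. A production
    audit would use the Public Suffix List instead.
    """
    host = (urlsplit(url).hostname or url).lower()
    return ".".join(host.split(".")[-2:])


def find_reused(entries, key=None):
    """Return sorted site lists, one per password that appears on 2+ sites."""
    key = key or os.urandom(32)  # per-run key: digests are useless outside this run
    sites_by_digest = defaultdict(set)
    for e in entries:
        # Index by HMAC digest so the audit index never holds plaintext passwords.
        digest = hmac.new(key, e["password"].encode("utf-8"), hashlib.sha256).digest()
        sites_by_digest[digest].add(site_of(e["url"]))
    return sorted(sorted(s) for s in sites_by_digest.values() if len(s) > 1)


def flagged_sites(entries):
    """Flat set of sites whose password should be changed."""
    return {site for group in find_reused(entries) for site in group}


if __name__ == "__main__":
    for group in find_reused(SAMPLE_VAULT):
        print("same password on:", ", ".join(group))
```

The two `shop.example` logins count as one site, so a password used only there is not reported; it is flagged in the sample because the same password also protects `example.net`.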

Two-factor codes will be auto-filled

What does it do? When you are sent a two-factor code — such as a text message or a push notification — iOS 12 will take that code and automatically enter it into the login box.

Why does it matter? Two-factor authentication is good for security — it adds an extra layer of protection on top of your username and password. But adoption is low because two-factor is cumbersome and frustrating. This feature keeps the security intact while making it more seamless and less annoying.

USB Restricted Mode makes hacking more difficult

What does it do? This new security feature will lock any accessories out of your device — including USB cables and headphones — when your iPhone or iPad has been locked for more than an hour.

Why does it matter? This optional feature — first added to iOS 11.4.1 but likely to be widely adopted with iOS 12 — will make it more difficult for law enforcement (and hackers) to plug in your device and steal your sensitive data. Because your device is encrypted, not even Apple can get your data, but some devices — like GrayKeys — can brute-force your password. This feature will render these devices largely ineffective.

Apple’s event starts Wednesday at 10am PT (1pm ET).

News Source = techcrunch.com
