With so many breaches happening not just on FB but all across the net, you have to keep your security one step ahead of the curve. In this article I’ll go over changing your FB password as that is the latest breach but you should be doing this at least once every 90 days nothing past that.
I never use anything but LTS if and when I put Ubuntu on my machines so I will not cover 15.10 or 16.10. These are some of the things to do right after installing Ubuntu on your computer.
Most of these steps will be terminal based so start up a terminal. Press the super key (the Key Formerly Known as the Windows Key) to bring up the Unity dash. Then, type in terminal and choose the icon for the terminal program.
Security expert Bruce Schneier recently talked about how someone is learning how to take down the internet. We have seen lots of companies talk about attacks on their infrastructure, breaches, hacking and stealing accounts, etc. As per the companies, it seems name of the attacks are made out to seem like probing for ways to get into networks and do harm.
It reminds me of the US’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.
– Bruce Schneier
If you are a parent, thinking about becoming one or know a parent that can benefit from this coverage; please allocate some time and watch and pass the word on to as many families as you can. This is an important piece that parents, guardians and well, everyone needs to watch; and make sure your child(ren) watch it with you. In today’s word where the interwebs is the place to be and where children spend most of their time; it is important that we all know what they do, how they are living their social lives, what they are doing online and with whom, etc. Anderson Cooper captures a lot of this in the #Being13 special report.
I have written these pieces:
and there will be more to come.
Atlanta (CNN) For the past two years, CNN has been investigating how teens use social media.
#Being13: Inside the Secret World of Teens airs on October 5th (tomorrow) at 9 p.m. ET on CNN
Across the country, eighth graders (with the permission of their parents and schools) allowed child development experts into their online world. Experts studied 150,000 posts across Instagram, Twitter and Facebook.
Ahead of the special, CNN asked some of the teens who participated in the study about the impact of social media on their lives. Their answers express solely their opinion and are edited for brevity and clarity.
What does social media mean to you?
Morgan: Social media means a lot to me, and it’s very important in my eyes. A lot of my life revolves around it. So, without social media, my life would be pretty different.
Zack: Social media, to me, means a place where I can post things about myself for other people.
Jay: Honestly, I really love social media. Social media is a great way to chat with your friends.
Emmy: It makes me feel really happy — I guess? I don’t know how to explain it. It gives me mixed emotions, but most of the time it makes me feel very happy. I don’t know, it is just something I really like to do.
What is the purpose of social media?
Morgan: To me, social media’s purpose is to have a way to connect with people online. It helps you to still be in touch with lots of people even if it’s not face to face. It can also have the purpose of letting people know who you really are. People can be themselves, and be more open than they might be in person.
Zach: The purpose of social media is so I can express who I am, what I do and places I go.
Jay: Social media definitely has more than one purpose. One of the ways is to interact with your friends and meet new people. Actually, it is funny that you ask, because my school just based everything online. They are making us get these apps, and then we get all of our homework on it. So now, everything is basically off social media, Facebook and everything. Like, I am in this class, and they give us stuff to do that is on the Facebook page. We have to get this app called Google classroom. We are basically going paperless. Everything is going to be online now.
Emmy: I would say to be connected to everything and everybody in your school and your friends and have like a mini community online.
Describe what it feels like when you are cut off from social media?
Morgan: Being cut off from social media is awful. Even just one day off it makes you feel like you’re totally out of the loop on everything. I always feel like I miss out on tons of stuff, and everyone knows more than me about what’s been going on lately.
Zach: It feels as if something really important has been taken away, and if I don’t have it, I will just be a more grumpier and frustrated person in general.
Jay: Oh well, it happens a lot because my mom keeps taking away my phone. I guess sometimes I feel like I am not able to talk with anyone. I feel sort of like cut off from all my friends, because I am not going to be able to talk to them to see what they are doing. When you think about it, that is one of the only ways you can interact with them when you are not with them.
Emmy: It makes me very upset. My parents would ground me from my phone before they would ground me like into my room, because I am constantly always on it. If I am disconnected from that, I just feel like I have nothing to do. Everything I do is on my phone. I go outside and play sports, but I am always doing that. I am always on my phone — usually. So, when I am disconnected, I am very upset and just beg and beg my parents to give me it back. Or, I ask my friends when I get to school, “What’s been going on?” So like, everybody knows what is going on, but I am the only one that is out. I feel left out.
Do parents and teachers understand why social media matters so much to kids your age? What don’t they get about it?
Morgan: I don’t think parents and teachers understand why social media matters so much to kids my age. They don’t get that everything relies on how we look in a picture, how many likes/followers we have, if we get a comment back from someone, etc.
Zack: What don’t they get about it? They do understand that it is very important to us, but they don’t understand why. Because, when they grew up they didn’t have the social media that we have. So, they don’t understand why or how important.
Jay: Oh, definitely not! My parents don’t have social media or anything, where our generation has grown up with the advanced iPhones and new apps coming out. But my parents just see it as distractions. Like to us, it was basically something we grew up with and something we have known all our lives.
Emmy: Since they didn’t have it when they were younger, they don’t understand why we are constantly on it. They don’t understand why we have to post everything, because they know some people might get mad or offended by it. They just don’t get it. Like, I know my dad uses social media, but they still don’t use it as much as we would.
Cooper quotes from one of the many online attacks that his team unearthed.
“Go die. Stop trying to be popular,”
“Holy s— your [sic] ugly.”
(And that’s one of the tamer ones!)
Headlines from CNN’s “Being13: Inside The Secret World of Teens” include:
- Middle schoolers view social media as a real time score board for a 24/7 popularity contest.
- Students in our study admit checking their social media accounts more than 100 times a day. Middle schoolers “check” social media more than they post. The more they look at social media, the more distressed they can become.
- Social media interactions often matter more than real life conversations. The line between the real world and the cyber world no longer exists to middle schoolers.
- #Being13 identifies new, painful ways teens bully and strategically exclude each other on social media. More than a third of middle schoolers admit they purposely exclude others online.
- 94% of parents underestimated the amount of fighting on social media. We decode the language teens don’t want their parents to understand.
- 15 percent of middle schoolers admit they have received inappropriate photos, many of which are used for revenge porn.
- #Being13 explores the connection between selfies and self-esteem. We’ll introduce viewers to teens who take 200 selfies before selecting which one to post.
- “#Being13: Inside The Secret World Of Teens” also gives families a practical roadmap for navigating the new challenges of parenting plugged-in Tweens. We show parents what to worry about and what to let go, and how to use social media as a way to deepen their relationships with their children.“Being 13” is a follow up to AC360°’s Emmy award winning special report, “Bullying: It Stops Here.”
The first patches for Shellshock didn’t offer complete protection. The latest revisions of this patch for the popular Mac OS X, Linux, and Unix bash shell security problem were released on Friday, offering greater defenses against hackers.
The problem with the first patch, as Red Hat explained in its Shellshock FAQ, was that it only took care of the original bash flaw CVE-2014-6271. This, the true Shellshock bug, is the worst bash security hole. There were also others.
Red Hat said: “Shortly after that issue went public a researcher found a similar flaw that wasn’t blocked by the first fix and this was assigned CVE-2014-7169.” This bug is also a security problem, but it’s not as bad as the other flaw.
Later, Red Hat Product Security researcher Florian Weimer found additional problems and these were designated CVE-2014-7186 and CVE-2014-7187. Fortunately, these bugs are less serious and the latest patch takes care of these as well. As Red Hat’s Huzaifa Sidhpurwala told me: “The latest version of bash fixes all the CVE issues.”
So, what you want to do now, if you haven’t already, is check to see if you’re running a vulnerable version of bash. Continue reading Shellshock: Better ‘bash’ patches now available
Security researcher Axelle Apvrille recently published a paper about AdThief, a malware aimed at hijacking ad revenue from a reportedly 75,000 infected devices. First discovered in March 2014, and also known as “spat,” the malware, which comes disguised as a Cydia Substrate extension, was found to replace the publisher ID of publishers with the one of the malware creator, effectively attributing all ad revenue to him.
A publisher ID is used to identify a publisher’s account on an ad platform, which helps track revenue generated by said publisher. By being able to swap the publisher’s publisher ID with his own, the malware creator was able to hijack revenue from about 22 million ads. In effect, when clicking on an ad, an infected user would generate ad revenue for the attacker instead of the developer of the application or website.
- Infected devices: ~75k
- Total activate times: ~22m
- Daily activate times (around 3/20/2014): ~22k
The malware was designed to target ad kits from 15 ad networks, including Google-owned AdMob and Google Mobile Ads, both representing a large share of mobile advertising at least here in the US. Other American companies targeted by AdThief are AdWhirl, MdotM, and MobClick. The remaining targeted ad networks were all from China or India.
A list of mobile adkits targeted by the malware is provided in a report: YouMi, Vpon, MobClick, Umeng, AdSage/MobiSage, MdotM, InMobi, Domob, AdWhirl, AdsMogo, Google Mobile Ads SDK, AderMob, Weibo, MIX SDK and Poly SDK. The majority of these are Chinese, four are based in the US, and two in India.
In his report, Xiao remarks that Weibo is a popular social network in China, but is unable to attribute MIX SDK and Poly SDKmore precisely. In fact, Sina Weibo, introduced in 2013, is an advertisement SDK, so that solves one mystery.
MIX SDK can be attributed to GuoHeAD. It probably refers to the GuoHe MIX platform for cross-promotion of mobile games. This is also backed up by the name of a source file found in the malware: /Volumes/MacOsStore/Project/IOS/SpAd/SpAd/AD_GuoHe.xm.
Finally, Poly SDK is not a new adkit: it corresponds to AderMob. This is confirmed when downloading the AderMob iOS SDK.
Hijacked advertisements in iOS/AdThief
|AdMob and Google Mobile Ads||http://www.admob.com/||USA|
Implementation details of adkit hooks found in iOS/AdThief.A!tr
|Adkit source||Filename||Typical class names|
|AdMob and Google Mobile Ads SDK||AD AdMob.xm||GAD*|
|Komli Mobile||AD KomliMobile.xm||APIManager*|
|YouMi||AD Youmi.xm||YouMi* – delegated to Google Ads|
iOS/AdThief is a technical and malicious piece of code which hijacks revenue from 15 different adkits. It is built on top of the Cydia Substrate platform, available for jailbroken devices, which provides it with an easy way to modify advertisement SDKs. With Substrate, the malware needs only to focus on the call and implementation of each hook.
At first, the identification of every adkit the malware targets was difficult because the code mentions only class names used by each adkit SDK. However, the fact that the malware author did not strip out debugging information helped us to identify all 15 adkits. In particular, this is how support for Komli Mobile and GuoHeAD was detected.
A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.
The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.
Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information.
“Companies that rely on user names and passwords have to develop a sense of urgency about changing this,” said Avivah Litan, a security analyst at the research firm Gartner. “Until they do, criminals will just keep stockpiling people’s credentials.”
Websites inside Russia had been hacked, too, and Mr. Holden said he saw no connection between the hackers and the Russian government. He said he planned to alert law enforcement after making the research public, though the Russian government has not historically pursued accused hackers.
So far, the criminals have not sold many of the records online. Instead, they appear to be using the stolen information to send spam on social networks like Twitter at the behest of other groups, collecting fees for their work.