Twitter Advises Users To Change Their Password

4 May 2018

Twitter Tells Users To Change Passwords After Discovering Glitch – CBS Boston, 2018/05/03

Twitter is advising users to change their passwords after discovering a glitch that stored passwords unmasked in an internal log. The company says it fixed the bug and there is no indication of a breach or misuse.

Still, it’s urging its 330 million users to change their passwords as a precaution.


Twitter said it stored encrypted passwords using a hashing algorithm called bcrypt. But the social network had stored the password in plain-text before it was encrypted. Twitter said this happened because of a bug. The company did not respond to a request for comment to clarify what the bug was.

Via Twitter:

How to change your Twitter password – CNN, 2018/05/03


Windows 10 Critical Bug Alert

16 Apr 2018

Windows 10 ALERT – Critical bug can let hackers steal YOUR username and password – UK Express, 2018/04/15

Windows 10 fans have been put on alert about a critical bug which lets cybercriminals steal their username and password.

The vulnerability affects Microsoft’s Outlook software, and attackers can take advantage of it to steal Windows login credentials.

A hacker can get access to this sensitive information by convincing a victim to preview a rich text e-mail containing remotely hosted OLE objects.

Later in the article, it mentions a previous bug…

The news comes after last month Windows 10 users were put on alert about another security issue.

The critical vulnerability let cybercriminals exploit Microsoft’s Windows Remote Assistance feature to steal any file from a victim’s computer.

The exploit affected all versions of Windows to date, including Windows 10, Windows 8.1, Windows 7 and Windows XP.

Ahmed explained in a blog post how, for the vulnerability to be exploited, the victim needed to use Windows Remote Assistance to ask for help from another user.

The person who requested assistance then needed to send a file, via e-mail or other means, named “Invitation.msrcincident.” to a third-party.

It’s this file that cybercriminals could then exploit to ensure they had access to victims’ sensitive data.

Ahmed said hackers could trick victims into handing over this file via a mass phishing scam.

Make sure to keep your computer updated. I prefer manual updates rather than automatic, just to keep control over what comes in to your computer. Not all Windows updates are customer friendly.


Sunstein Suggests Caution in Dealing with Cambridge Analytica and Facebook

22 Mar 2018

So this is interesting. Cass Sunstein formerly served in the Obama Administration and is likely a long term friend since he taught law in Chicago. He authors this piece in Bloomberg concerning the Cambridge Analytica/Facebook issue that is in the news.

Cambridge Analytica Behaved Appallingly. Don’t Overreact. – Bloomberg, 2018/03/19

The horrendous actions by Cambridge Analytica, a voter profiling company, and Aleksander Kogan, a Russian-American researcher, raise serious questions about privacy, social media, democracy and fraud.

Amidst the justified furor, one temptation should be firmly resisted: for public and private institutions to lock their data down, blocking researchers and developers from providing the many benefits that it promises – for health, safety, and democracy itself.

In other words, we want to be able to use data for OUR purposes… but not the other side. I posted already about the fact that they did this in 2012. Sunstein wants to be able to harvest this data again and FIRMLY resists locking down data.


Facebook Data Use Was OK in 2012

20 Mar 2018

What’s genius for Obama is scandal when it comes to Trump – The Hill, 2018/03/20

On Sunday, The Guardian reported on the supposedly nefarious workings of President Trump’s data-gathering team at Cambridge Analytica. The report suggested that Cambridge Analytica had essentially issued questionnaires through a third party; those questionnaires, which were personality quizzes, requested that you use your Facebook login. Cambridge Analytica then compiled data regarding those who completed the quiz and cross-referenced that data with political preferences in order to target potential voters.

This isn’t particularly shocking. In 2012, The Guardian reported that President Obama’s reelection team was “building a vast digital data operation that for the first time combines a unified database on millions of Americans with the power of Facebook to target individual voters to a degree never achieved before.”

What, exactly, would Obama be doing? According to The Guardian, Obama’s new database would be gathered by asking individual volunteers to log into Obama’s reelection site using their Facebook credentials.

So Facebook allowed Obama’s group access to the data, but frowns when a supposed Trump group is claimed to have used the same data… except…

Trump campaign phased out use of Cambridge Analytica data before election – CBS, 2018/03/18

The Trump campaign never used the psychographic data at the heart of a whistleblower who once worked to help acquire the data’s reporting — principally because it was relatively new and of suspect quality and value. The profiling approach utilized by Cambridge Analytica allowed it to predict the voting likelihoods of individual people based on personality, the firm claimed.

… he never used the data. Why?

The Trump campaign had tested the RNC data, and it proved to be vastly more accurate than Cambridge Analytica’s, and when it was clear the RNC would be a willing partner, Mr. Trump’s campaign was able to rely solely on the RNC.

 


Details of Russian Trolling Found in Data Leak

2 Mar 2018

Leaked: Secret Documents From Russia’s Election Trolls – The Daily Beast, 2018/03/01

After completing its recon, a key tactic of the troll farm was to present its offerings as authentically American. They stole actual Americans’ identities and established false cover identities online. A consistent approach was to posture as supporters of passionate causes. But those causes varied wildly across the political spectrum. Some Internet Research Agency-created accounts pretended to be Muslim groups, others anti-Muslim activists. They were advocates of black liberation on one hand and its most fervent American critics on the other—whatever was necessary to aggravate long-standing and very real American divisions.

Social media—particularly YouTube, Facebook, Instagram, and Twitter—magnified the troll farm’s reach. The money flowing into the Internet Research Agency’s coffers paid for a graphics department, data analytics, and other tools to improve their product, and they tailored their English-language propaganda to show up prominently in Google searches. One employee bragged: “I created all these pictures and posts, and the Americans believed that it was written by their people.”

But spreading misinformation on social media wasn’t enough. By summer 2016, the Internet Research Agency wanted to prompt Americans into the streets. Using tools like Facebook’s events page, they staged and promoted rallies for Donald Trump and against Clinton.

Basically if there was a major issue of contention in our society, they wanted to hype it up and make it worse – in order to divide the country. What that should also tell us is that a unified country makes us stronger. That does not mean we all think the same on every issue, but we should seek the best of the country and want the best for fellow citizens.


Data Breach at the Dept. of Homeland Security

4 Jan 2018

DHS confirms data breach – Raw Story, 2018/01/04

The Department of Homeland Security (DHS) announced Wednesday that data of over 240,000 current and former employees was breached from an internal source and was discovered during a criminal investigation into the actions of a former staff member of the Office of the Inspector General (OIG).


In a letter to employees, the DHS said that an unauthorized copy of its investigative case management system was found in the possession of a former DHS OIG employee.


The agency confirmed that the incident was not due to an external cyber-attack from unknown sources but stemmed from a leak inside the DHS itself. The breach was eventually categorized as a “privacy incident.”


DHS also added that the data breach was not a malicious attack but a mistake and the leaked data was not a security or privacy threat to the affected.

The breach was found last May.


Warrantless Wiretap Reform Percolating in Congress

6 Oct 2017

2017/10/04 – Warrantless wiretapping reform legislation circulates on Capitol Hill – The Hill

The House Judiciary Committee on Wednesday is circulating a hotly-anticipated proposal to reform the National Security Agency’s controversial warrantless wiretapping program.

Good to hear. It would be even better to investigate possible wiretapping violations that may have occurred. A copy of the legislation is at the link.