Tag Archives: Apple Safari

ALERT! – Specter and Meltdown Security Flaw – ALERT!

Regardless of what computer you own, Apple or Windows, Spectre and Meltdown security flaws affect you. Security researchers recently revealed the details of these two microprocessor security flaws. Chips made by Intel, Advanced Micro Devices (AMD) and others are in billions of devices making them sitting ducks for hackers.

Devices with these chips include phones, tablets, PCs, and computer servers. Exploiting the vulnerability opens the door for hackers to steal personal data, passwords, cryptographic keys, and other supposedly inaccessible information from device owners. While the average consumer should exercise caution the impact on business could be devastating. 

The Meltdown flaw only runs on Intel chips while the Spectre flaw can affect devices with virtually any modern processor.

Computer microprocessors handle data like a passwords or encryption keys. Normally these are kept from other apps. But both Intel and AMD pride themselves on the speed of their chips. To do this the chips use whats known as “speculative execution” to try to guess answers that may be needed if a chain of calculations came out a certain way. Since the delay in calculations can be predictable researchers found that a rogue app could guess where confidential data was located in a chip’s memory and steal it.

Regardless of your web browser, Google Chrome, Apple Safari, or any version of the Windows family, they all use Javascript code.  Hackers could introduce a data stealing Javascript program and post it on any chosen web site. Your browser app would automatically run the rogue code like it was an ordinary part of the site’s features resulting in your data becoming vulnerable or stolen. As you can see this is an extremely grave threat to business computing.

Although this vulnerability is now known there is no evidence anyone has used it…yet. And that is where the danger lies. The danger of these flaws is so great that tech companies  swung into action quickly to fix the problem. Perhaps too quickly.

According to various news sources the Microsoft patch to fix the flaw has been damaging some devices.  In some instances the computers are suffering performance problems while others have been bricked. A bricked computer is frozen and unusable. The problem has become so bad that Microsoft has halted issuing the patch for both Spectre and Meltdown for AMD equipped computers and devices.

Intel’s CEO Brian Krzanich addressed the Meltdown and Spectre issue as the keynote speaker at the Consumer Electronics Show in Las Vegas. “I want to thank the industry for coming together to address the recent security research findings reported as Meltdown and Spectre,”  said Krzanich. He called the response to the issues a “collaboration among so many companies.” Krzanich promised that “for our processors and products introduced in the past five years, Intel expects to issue updates for more than 90 percent within a week, and the remaining by the end of January.”

Browser makers have swung into action to combat the flaw. Users of Google Chrome should turn on a feature calledsite isolation.”  The feature prevents malicious Javascript from accessing sensitive data. Google will soon release an update to Chrome’s Javascript feature that will improve protection against Spectre attacks, however, browser performance may suffer.

Microsoft has already issued a Windows security update for its Internet Explorer and Edge browser apps labeled “KB4056890” to protect against Spectre. According to Microsoft the update will change the browser’s features to protect confidential information in a device’s CPU. But make sure you check if your device has an AMD chip before using this patch.

Firefox maker Mozilla said its newest apps changed several features to make Spectre attacks more difficult. Released on January 4th, Firefox version 57.0.4 includes the new protections. Mozilla said in a blog post that it is studying additional ways to strengthen security against the attacks. “In the longer term, we have started experimenting with techniques to remove the information leak closer to the source, instead of just hiding the leak by disabling timers. This project requires time to understand, implement and test.”

Apple is planning to release an update to Safari in “coming days” to protect against Spectre. Early tests of the Apple updates showed a minimal impact on browser performance. For additional information on Apple products click here.

 

 

 

 

 

 

 

See and Block Who’s Tracking You Online

canstockphoto19683471Privacy on the Internet is a rare commodity. Currently 85 percent or more of black people are online. Most black people own a smartphone or other mobile device. And most black people have no idea how easy it is to track exactly who you are, where you are, who you call, text or email and pretty much everything else you do online. You are being watched like a prisoner.

Trying to stop this constant tracking is a tough task and the law is no help. Congress and industry have little or no incentive to stop this incessant invasion of privacy. Part of the problem is that consumers have yet to get really angry about this activity.

There are people fighting for your privacy online but its an uphill battle to say the least. The Electronic Frontier Foundation (EFF) and Disconnect, Internet privacy right groups and a group of web companies have lauched a new “Do Not Track” (DNT) standard meant to encourage website owners and advertisers to respect your online privacy. Unfortunately this is a voluntary standard and companies are free to agree, or not to agree, to adhere to the new standard.

Big players like Yahoo! and Microsoft have not come out in favor of the new standard. Microsoft announced in April that it was no longer enabling ‘Do Not Track’ as the default state in Windows Express settings.

A year ago Yahoo! said that ‘Do Not Track’ settings would no longer be enabled on its site saying; “we have yet to see a single standard emerge that is effective, easy to use and has been adopted by the broader tech industry.” But Yahoo! has agreed to honor the ‘Do Not Track’ setting on the Firefox browser as part of a search deal. So both companies are openly admitting they are tracking you.

Companies that have agreed to honor the new ‘DNT’ standard include publishing site Medium, analytics service Mixpanel, ad and tracker-blocking extension AdBlock, and privacy search engine DuckDuckGo.

Millions of black people are using social media. And the God of social media is Facebook. But did you know that Facebook is probably the biggest data collector in the history of civilization? Because people are giving it to them.

But who is using Facebook to track your Internet activity? How do you block them?

First of all keep in mind that advertisers may not not know your name and other personal information about you. But that is just a maybe. We don’t know what they know and they ain’t telling. Legally, they don’t have to.

But here are the steps to see and block advertisers that are tracking your Facebook profile from Businessinsider.com.

First go to the settings button on your Facebook page.

Facebook settingsFacebook

Scroll down and click “Settings.”

Facebook settingsFacebook

Inside the settings menu, click on Apps.

Facebook settingsFacebook

This looks like a list of apps that are signed into your account. But pay close attention to the “show all” option at the bottom of the list …

Facebook settingsFacebook

Voila! The list of apps tracking me is so long I have to make this super zoomed-out view to see them all:

Facebook settings

Facebook

On each app, there is an Edit function and a delete “x” mark. Let’s look at what QuizUp, the hot new trivia mobile game app, knows about me.

Facebook settingsSettings

QuizUp knows my email, birthday, and current location. Because it’s a mobile app on my phone, it also knows my phone number. But that’s not all …

Facebook settingsFacebook

Click this little “?” symbol on “basic info” and it turns out that QuizUp is getting a bunch more info about me, too, including a list of all my friends and my profile picture!

Facebook settings

(Source: Businessinsider.com)

You can control this information by clicking on the “x” symbol to delete the app’s access to your Facebook account. That might mean the app won’t work, however.

Review each app to either edit its permissions or delete its access to you on Facebook entirely. It’s a bit time-consuming — but otherwise you’re just giving these people free data.

Another thing black people need to be aware of is that companies are using your email to spy on you. Much of the email you recieve from an advertiser or even a company you do business with is loaded with spying technology.

To see who is tracking your email, or in this case Gmail, you can use a browser extension tool named UglyEmail to see what companies are tracking your Gmail email.

UglyEmail shows you if your email is being tracked. And email being tracked in Gmail will have a tiny eye attached to it. Your inbox will look something like this.

UglyEmail

One of the ways that your email is tracked is a technology known as pixel tracking. Pixel tracking is when a tiny image, about 1 pixel in size, is inserted in an email. The image is invisible to the email recipient but it has a code that tells the server to call the sender when the email is opened.

To block that you can use a browser extension known as PixelBlock. PixelBlock will block that pixel code from transmitting back to the sender. Email with a pixel tracking code have a red eye on them. PixelBlock will also tell you who sent the pixel and how many times they have attempted to track you.

We did mention that Facebook is the greatest collector of data in history didn’t we? Well did you know that Facebook follows you around the Internet even when you are not on the website? How do they do this?

Facebook employs over 200 different trackers that follow your online activity. These trackers come in the shape of cookies, Javascript, 1-pixel beacons, and Iframes. Tracking technologies are used to see what websites you visit, how often you visit them and other interactions with websites.

Not all cookies are used for tracking.  Many Facebook ‘Like’ buttons are used to collect and store information to be used later. Your browser communicates with a server to construct the website you wish to view. This called a request.

But keep in mind that the website you are viewing isn’t the only server your browser is talking to. Trackers from other data collectors, Facebook included, are on the site as well. You have no idea they are tracking you without privacy software. You don’t know they are there and you probably don’t wish to share your personal information with them.

To protect yorself and your information you need to use the do not track function on your browser. It may help but probably won’t competely stop the tracking. You can find a list of the five most secure browsers here.

Choose your privacy setting in the following browsers

Google Chrome

Microsoft Internet Explorer

Apple Safari

We used Facebook as an example of companies that track you online because they are the biggest offender. But undertand this, almost every website has some method of monitoring who visits it. The sometimes sell the information or just hold onto it to better serve you. Just remember AACR Internet rule #8 “There is no privacy on the Internet.”

Now you know.

 

 

 

 

Home Internet Security; Have You Been Hacked?

ID-100310547Far too many African-Americans ignore their Internet security. When we do this we are gambling with our lives. Our financial life, our professional life, our identity, our children’s identity or the identity of our husbands or wives, are all endangered if we ignore basic cyber security.  Let’s look at it this way; do you drive without a seat belt? Then why would you use the Internet without being safety and security conscious?

One of the first things you should be aware of when using the Internet is if you are browsing safely and if your browser is secure. Regardless of the browser you use, be it Internet Explorer, Google Chrome, FireFox or Opera, you have to ask, is it secure.

The reality is that it’s hard to know which browser is the safest or most secure. Why? Because there is no set standard for browser security. That makes you responsible for setting up your browser and home network to be as secure as possible. But there is a little good news. Experts at Skybox Security have looked at all the browsers mentioned above and evaluated them based on exposed vulnerabilities, most published and patched vulnerabilities, and the shortest time between security patches.

Surprise! The winner is the browser you are probably not using; Opera.  Opera is pretty much an unknown browser.  It’s market share is around one percent so there’s probably not a lot of interest in finding Opera’s vulnerabilities.  Keep in mind hackers are looking for the greatest numbers to have the greatest impact when they attack. But Opera did have the least number of vulnerabilities.

Even if Opera has the fewest vulnerabilities we have to look at how often the other browsers find and fix their own vulnerabilities. In this category Chrome wins. Chrome finds flaws and issues updates every fifteen days compared to Opera’s every 48 days. Internet Explorer and Firefox update about once a month. But again there more to it than that. Keep in mind that all these browsers are vulnerable to what is known as Zero Day Exploits. That is a flaw that the hackers finds and attack with no warning to the browser makers. It happens all the time. As for Firefox; just last year Extremetech.com named it the least secure browser.

So finally let me answer your question. Which is the safest and most secure browser? My answer would have to be Chrome. AACR does not make product endorsement. But, when looking at the overall measures we have decided that having defenses that update regularly and frequently is the best way to go. We hope that answers your question. Read more about the Best Browsers of 2015 here.

Lets take the next step in your home Internet security. Is your home router secure? Or has it been hijacked? My guess is you really don’t know. I have always said, make damn sure you have solid password protections on all your devices including your home router. Ask yourself  “Is my password stupid?” If your home router is compromised then your life is compromised. Every Internet device in your house uses the router. Think about this, your cellphones connect to your router, all your computers, laptops, tablets, game consoles, television, telephone, printers, home security system, your thermostat and any other smart appliances you have in your home all go through your router. Think long and hard about that.

So how do you now if your router is hijacked? A company named F-Secure just launched their Router Checker tool. It’s a quick, simple and free way to determine whether or not your DNS is working the way it should. OK; so you’re asking what the heck is DNS. DNS stands for Domain Name Servers. This is the the Internet address book.  If your DNS is corrupted or poisoned then you could end up on some pretty dangerous websites and not even know it.

The best thing about the Router Checker Tool is that there’s no app to download and install. It’s a website that you visit with any modern, standards-compliant browser. Any of the browsers we have talked about, Internet Explorer, Firefox, Chrome, Safari, and Opera, will work. I would suggest you check your browser immediately and then bookmark the site and do the test regularly. You can also use the tool when you’re connecting to less trustworthy access points like the airport, a coffee shop, library, or anyplace offering free WiFi. Before you do anything in these places you should fire up F-Secure’s tool and find out what it thinks about your connection.

Now let me ask you another question. Have you been pwned? First a quick definition of the word is clearly needed. Pwned comes from video-game culture. It refers to someone who’s been beaten. Pwned accounts are email addresses and user accounts that have been compromised. A hacker may have illegally obtained the data from a vulnerable system. Perhaps a breached home router? Pay attention people!

Now if your pwned account is made public it becomes a pasted account. That means it has been pasted to public sites that share information while remaining anonymous. Such a site is Pastebin.com

Now there is a site you can use to discover if you have pwned or pasted. Have I Been Pwned?  is a website built by Troy Hunt author of web security courses for PluralsightIt’s simple and free to use. You just enter your email address or account name in a text search box and the site lets you know if it’s been pwned or pasted. Do it!

Paying attention to your digital life is as important as paying attention when you drive. The slightest lapse in focus could get you killed. You know that. It’s the very same with using the Internet. I suggest to black people that you pay attention to what can happen if you lose focus. The Internet may not kill you but if something goes wrong online you may want to kill yourself.