Tag Archives: email

Breach Brief – Under Armour

Athletic equipment maker Under Armour has reported that 150 million users of its MyFitnessPal fitness and nutrition app and website have been affected by a data security breach.

According to the company, the MyFitnessPal team discovered the breach on March 25, and the culprit had gained unauthorized access to user accounts in February.

Under Armour reported that their investigation revealed that the compromised information includes usernames, email addresses and hashed passwords. Payment card data and government-issued identifiers are unaffected because the company stores that data separately.

Under Armour notified MyFitnessPal users through email and app notifications on Thursday.

Users of the app are urged to change their passwords immediately. Under Armour said in a statement that it is working with data security firms and law enforcement to investigate.

Tax Season 2018 – The IRS is Checking Your Facebook Page

There are a lot of ways that the IRS can figure out your income. In addition to your W-2 and 1099, the IRS also receives information from your bank and other financial institutions and your credit card company.

According to Debt.com, if something is not adding up then your information gets red-flagged by a system called the Information Returns Processing system (IRP). This massive database can review and compare your reported income against information from other third-party sources. If there is a discrepancy, the IRS is alerted for further investigation. The IRS estimates that every year the U.S. government misses out on hundreds of billions of tax dollars due to unreported income. With advances in technology, it hopes to collect at least some of that missing tax revenue. But did you know it gathers information from Facebook, Twitter and your email?

Uncle Sam is checking Facebook.

People who love to post personal information to Facebook or Tweet may want to pay attention. These are rich sources of information and the IRS knows it. With all those billions going uncollected every year the IRS has stepped up its game and is now checking your social media accounts.  

The IRS started checking Facebook and Twitter pages in 2013 in order to gather information that could support a taxpayer audit. The IRS initially denied these reports.

In an interview with Inc.com, Kevin P. McQuillan of The McQuillan Group said the IRS has been quiet about checking social media. “When the IRS first mentioned utilizing social media, it created quite a stir, and in response to that, they came out and were very specific to say that they weren’t going to use emails without some authorization. However, they didn’t say anything about social media. The IRS has always had access to public information, such as what car you own, or what house you live in. In the past auditors have used the audit process to decide what information they will look into on a particular case. However, given recent cuts to the agency and the decreased number of auditors, they are now coming to audits with this information in hand.”

The IRS is using your Facebook posts to determine if you are lying to them about income or tax issues. For example, did a businessman write off a family vacation as a business trip? Or is an employer spending lavishly while claiming his business is currently unprofitable? It’s called oversharing, and people do it all the time. The IRS is using online activity trackers to scan massive amounts of public Internet data for potentially incriminating information.

Businesses are not immune from the social media snooping by the IRS. If your company webpage shows off new equipment, vehicles, lavish parties or expounds on your growing business while at the same time you are behind on payroll taxes or suspiciously claiming beneficial business write-offs, you may have some questions to answer. Keep in mind that your employees may be sharing company information on Facebook or Twitter that reflects the state of your company’s finances. Historically the IRS has used tax returns to audit businesses. Social media scanning shows that it is now becoming more sophisticated with its investigative tools. Be careful about oversharing on public and private platforms to avoid a nasty letter from Uncle Sam.

Is email private?

You’re thinking your emails are private, right? The answer is probably not. A 2017 report on IRS data mining by Washington State University professors, The Use of Big Data Analytics by the IRS: Efficient Solutions or the End of Privacy as We Know It?, found the IRS was reading taxpayers’ private emails without a warrant. According to the Electronic Communications Privacy Act (ECPA), IRS investigators can read everything in your email account except unopened emails or voicemails saved for 180 days or less. According to the report, the 2011 IRS auditor’s training manual told investigators exactly how to do it. The IRS stopped this practice in response to a Senate Finance Committee request. However, the ECPA law has not been changed. So effectively the IRS has not broken the law, nor is it barred from doing this again.

Now you know.

Blockchain – Breaking It Down

The hottest word in technology is blockchain. Whether you have heard of it or not, you will be affected by it, now or in the future. But what is it? How will it change things?

What is Blockchain?

A block is a record or log of new transactions. This log can track things like the creation of cryptocurrency, changes to medical records, product manufacturing from start to finish or banking transactions. After each block is completed it’s added to the chain, creating a chain of blocks, hence a blockchain.

Information on the blockchain is also available to everyone. A blockchain is not hosted on a single computer or server. Because of this, any changes or transactions are immediately visible to everyone. So, as you can see, a blockchain is very hard to falsify because everybody can see the changes and immediately notice if something is wrong or fraudulent. Blockchains are simply a public ledger that makes everything traceable.
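A minimal hash-linked ledger, added here as an illustration and not code from the original post. It goes beyond the text by showing the linking mechanism (each block stores the SHA-256 hash of the previous one) that makes an edit detectable; the block layout, function names and sample transfers are constructed assumptions.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(index, prev_hash, transactions):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    payload = json.dumps(
        {"index": index, "prev_hash": prev_hash, "transactions": transactions},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def append_block(chain, transactions):
    """Complete a block of transactions and link it to the current chain head."""
    index = len(chain)
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {
        "index": index,
        "prev_hash": prev_hash,
        "transactions": transactions,
        "hash": block_hash(index, prev_hash, transactions),
    }
    chain.append(block)
    return block


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    expected_prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev_hash"] != expected_prev:
            return i  # link to the previous block is broken
        if block_hash(i, block["prev_hash"], block["transactions"]) != block["hash"]:
            return i  # contents no longer match the recorded hash
        expected_prev = block["hash"]
    return None


def first_divergence(local, peer):
    """Return the first index where two copies of the ledger disagree, or None."""
    for i, (a, b) in enumerate(zip(local, peer)):
        if a["hash"] != b["hash"]:
            return i
    if len(local) != len(peer):
        return min(len(local), len(peer))
    return None


def build_sample_ledger():
    """Constructed sample data: three blocks of made-up transfers."""
    chain = []
    append_block(chain, [{"from": "alice", "to": "bob", "amount": 5}])
    append_block(chain, [{"from": "bob", "to": "carol", "amount": 2}])
    append_block(chain, [{"from": "carol", "to": "alice", "amount": 1}])
    return chain


def rewrite_history(chain, index, new_transactions):
    """Model one holder altering a block and re-hashing every block after it."""
    forged = copy.deepcopy(chain[:index])
    for block in chain[index:]:
        txs = new_transactions if block["index"] == index else block["transactions"]
        append_block(forged, copy.deepcopy(txs))
    return forged


if __name__ == "__main__":
    ledger = build_sample_ledger()
    edited = copy.deepcopy(ledger)
    edited[1]["transactions"][0]["amount"] = 200  # silent edit to an old block
    print("edited copy fails at block:", first_invalid_block(edited))
    forged = rewrite_history(ledger, 1, [{"from": "bob", "to": "carol", "amount": 200}])
    print("re-hashed copy verifies alone:", first_invalid_block(forged) is None)
    print("but diverges from a peer's copy at block:", first_divergence(ledger, forged))
```

An edited block fails verification on its own, but a copy whose later blocks were all re-hashed verifies in isolation. Only comparison against copies held by other participants exposes it, which is why the ledger is not kept on a single computer.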

Blockchain was invented in 2008 to support transactions using digital currency. If you buy something using a cryptocurrency, send some to another person or sell it, your transaction is publicly visible on the blockchain. Other people may not know who you are but they can see exactly how much has been transferred from one person to another.

Blockchain and cryptocurrency like Bitcoin are growing as an alternative to traditional banking. Users do not need a bank to move money from one location to another or to verify the transaction. This is sometimes referred to as frictionless transactions. This means a transaction can be completed without paying a fee to a bank or government.

How is Blockchain being used?

Although blockchain is not yet in widespread use it is expected to change industry and commerce in a revolutionary way. It is considered a disruptive technology that can easily turn the economy and society upside down. As such, it is being carefully examined and introduced.

Blockchain and your vote.

Blockchain technology can make electronic vote counting un-hackable. Voter fraud can be eliminated by securing the system during voter registration. Blockchain can secure voters’ identification and prevent vote tampering. Blockchain creates a permanent and public ledger of votes cast and tallied that provides for more fair, secure and democratic elections around the world.

Follow My Vote is one new start up company that is trying to apply blockchain to our voting systems.

Blockchain and your identity.

Blockchain is expected to make a major difference in securing your digital identity. Right now billions of dollars are being lost due to online fraud and identity theft. Using blockchain technologies will make tracking and managing digital identities secure and efficient. The result will mean a seamless sign-on and reduced fraud. This is vitally important when it comes to banking, healthcare, national security, citizenship documentation and e-commerce.

Currently password-based systems rule the Internet. Blockchain technology is based on identity verification using public key cryptography. Using blockchain identity authentication, the only question is if the person has the correct private key. It is understood the key holder is the owner, and the exact identity of the owner is irrelevant. The only drawback to this system is, as always, the human factor. People share passwords; they may begin sharing encryption keys.

Blockchain identity verification can allow you to securely apply for jobs, file for medical and other various benefits, remotely open bank accounts, verify emails and social media activity and, as mentioned earlier, secure voting.

Blockchain for business.

Blockchain has the ability to make sure corporations are playing by the rules. Records stored using blockchain suddenly become difficult, if not impossible, to alter. This factor means that contracts between people or between corporations are far less open to interpretation or manipulation. These are known as smart contracts.

Smart contracts are legally binding, programmable digitized contracts entered on the blockchain. Programmers can create legal contracts as variables and statements that can release funds using the bitcoin network.

An example would be if one company wanted to pay another company a million dollars at a specific time when the preconditions of the contract are met. The conditions, payout, and details would be programmed into a smart contract. Once all conditions are satisfied, the money would be sent to the appropriate party as the terms of the contract dictate. Computer control over contracts can increase business efficiency and make the legal system more equitable.

Blockchain is coming to a grocer near you.

Companies in the agriculture industry are using blockchain to track the movement of produce through the supply chain. This means the farmer can track his bell peppers from the time they leave the field to the time you leave the grocery store with them. Blockchain creates a direct link from the farmer to the grocer, ensuring farmers are paid fairly for their produce and allowing grocers to verify that they are getting what they’ve paid for. Blockchain use in agriculture means you know exactly where your food came from and who handled it. Keep in mind food fraud is a growing problem. Is that fruit really organic? Is that fish really sea bass or is this olive oil really olive oil? Blockchain makes sure you get what you think you are getting and paying for.

This technology can also increase food safety and security. Blockchain brings transparency to the supply chain, allowing retailers, farmers and consumers to identify and remove bad actors and poor processes. Blockchain can determine the source of foodborne illnesses quickly in the event of an illness outbreak, saving time, money, and lives.

Blockchain and transportation.

Another way blockchain will affect your life is transportation. Car makers are using blockchain to make sure the parts that go into your car meet their standards and come from a legitimate source. Counterfeit parts are a big problem on the secondary parts market. These parts could possibly end up in buses, trains and even aircraft, endangering millions of lives. Parts can now be tracked from the manufacturer to the user, eliminating any possible counterfeiting.

Now you know.

ALERT!-Google Docs Phishing Attack-ALERT!

Right now millions of email users are getting a seemingly innocent email asking them to view a Google Docs file. DO NOT CLICK ON IT! DELETE IMMEDIATELY!

The email takes the user to an excellent replica of the Google Docs page you would normally see. The hackers are so clever they have copied the newest version of the page. To make matters worse, the URL or web address is very close to the real Google Docs web address. The email itself will look as if it came from a legitimate email address and even uses a .gov email address.

The email does not deliver any malware that we know of. But it does steal user names and passwords.

In a statement, a Google PR representative said, “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

Google sent out another statement, this time directly from Google, that read, “We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”

If you have received the suspect email there are a few things you can do.

  1. Do not click on it even if it comes from someone you know. Always be suspicious of links and attachments you are not expecting or do not know where they come from. Anytime you get an email containing a link or attachments, contact the sender and ask what it is. They may not know their email is being used to send out spam or malware.
  2. Use multi-factor authentication. Many websites offer multi-factor authentication. It is simply an extra step to protect you on the web. The system often works by sending a second code via a text message to your smartphone. This is great when you are using a computer you don’t normally use and can prevent hackers from accessing your accounts or stealing passwords.
  3. If you have already clicked on the suspect email or are not sure, then you can cancel third party access by visiting this Google site. Also change your Google passwords.
  4. Finally, report the incident by clicking the downward arrow at the top right of your inbox and selecting “Report Phishing.”

Remember, try to avoid catching “click around fever.” This is the compulsion to click on links or attachments in your email or visit websites just out of curiosity. Many malware infections and viruses can be had by what’s commonly known as a drive-by download. This means the instant you click on the wrong thing or visit the wrong website you’re infected.

Tax Season 2017 – Talk to Parents and Grandparents About Tax Scams

Tax season is scam season. It is also a good time to talk to elderly people about their tax returns. In the age of the Internet, email and smartphones, older people can get confused and even intimidated by the technology. And scam artists know this.

For elderly African-Americans information security is a key concept they need to understand. Something as simple as securing sensitive papers can make a great deal of difference. African-American seniors need to understand that simple documents such as a utility bill can lead to identity theft. These are new concepts for many older people.

Some elderly people live in senior citizens homes or assisted living facilities. Others have in-home care. These older people, because of their situation, are vulnerable. If you have a parent, grandparent or elderly relative in this situation, make sure mail and other documents are properly secured. Live-in or visiting caregivers are supposed to be trusted but we know that is not always the case.

Make sure they understand that they are not to give any information over the phone. Fake IRS scam artists are very skilled at intimidating and confusing older people on the phone. Make sure they know to hang up the phone immediately. Remember, some calls are phishing calls. This is where the caller asks questions to get information that is just the beginning of the scam. They use methods known as social engineering. Older people are vulnerable because they may fall for a friendly voice on the other end asking seemingly innocent questions. Other times they may think they are talking to the IRS. Again, remind them never to give information over the phone.

Ask questions: who is preparing their taxes? Is this a legitimate company? Can they be trusted? How is their information handled and secured? How much are they charging? All these questions may be intrusive, but if you feel your parents or grandparents are vulnerable then it’s better to be a nuisance now than to regret it later.

Some older people do indeed use the Internet to shop, send email and conduct other business. Make sure they understand that the IRS does not conduct business by email. Teach them to avoid clicking on links or opening attachments.

Finally, persuade older people to ask for help. Many older people guard their independence jealously. They want to feel they are in control of their own lives. Make sure they know you are there to help them and protect them.

 

Want to get Politically Active? There’s an App for That

In the first days of Donald Trump’s presidency the flames of political passion were, and continue to be, intense. People of both political parties are calling for change and make no mistake, no one is completely happy. Black people especially are unhappy with the rhetoric and the people in Trump’s administration. We need to get politically active and make our voice heard. There’s an app for that.

But before we start talking about technology and political activism we need to identify who our elected representative is, how to contact them and how to influence them. African-Americans need to speak out, be heard and vote! Get Yo Black Ass Out and Vote!

To determine who is representing you locally, at the state level and in Washington, visit CommonCause.org. You can enter your address and find out in seconds who is speaking for you. The information includes their names, phone numbers, web pages and email addresses. You can also check USA.gov. There are numerous websites dedicated to finding this information; just search and you shall find.

The best way to get in contact with your elected representative is still a good old-fashioned phone call. You can email them, write a letter or you can make an appointment to see them. It’s their job to answer you. The Constitution gives you the right to “Petition the government for redress of issues.” That means your representative is obligated to answer your questions. Another effective way to make your voice heard is to write to the editor of the local newspaper. Learn more about how to influence your elected representative by visiting the Congressional Management Foundation website.

But if you own a smartphone you can easily contact, track and weigh in on what your representative is doing. The Countable app is a news and information app that allows the user to understand and vote on the bills being considered by their representative. Countable explains the issues in plain English and sends your “Yay” or “Nay” directly to your representative. Countable is free and available for Apple and Android devices.

Another app for tracking bills is called TrackBill. This app not only follows what is happening in Washington but also in your state capitol. Available for Apple and Android.

Brigade – This app is a combination social media platform and political information resource. You actually take a quiz on the issues that allows the app to profile your stance. It also helps you find your representatives. But keep in mind, like any social media forum, you are going to get a lot of partisan viewpoints. Hey, it’s politics. Brigade is available for Apple and Android.

One of the things all black people should focus on is local politics. Remember, these are the issues that affect you directly. Right there in your city, county or neighborhood. The OpenStates website helps you accomplish this by using your smartphone position to tell you exactly who to contact about an issue. The site is easy to use and reader-friendly, with outlines of local bills that are being considered and ones that have been passed.

We are all looking for a non-partisan answer to the issues that impact us. It’s a nice dream but not so easily attainable. But Ballotpedia tries to be that nonpartisan reference guide, breaking down the results of elections and providing an overview of bills that are currently being debated. It also provides details about elected representatives for all levels of government. The website also can send you email updates. You can find a fact checker on the website as well, called “Verbatim,” in case you want to check those alternative facts.

Now you know.

ALERT! – Cloudflare Discovers Major Bug – ALERT!

Cloudflare, a content delivery and security service, announced a major bug has been discovered that may have exposed users’ sensitive data on millions of websites. The bug, dubbed ‘Cloudbleed’, was discovered in Cloudflare’s content optimization systems. Exposed data includes passwords, session cookies, authentication tokens and even private messages. The consequences are considered extremely dangerous. Web users are urged to change their passwords on ALL websites immediately!

You may not have heard of Cloudflare but it is one of the world’s largest Internet security companies. Cloudflare’s technology is running on millions of websites and in Fortune 500 companies. Cloudflare describes itself as a “web performance and security company.”

Cloudflare’s systems modify HTML pages passing through its servers in order to rewrite HTTP links to HTTPS. This process hides certain content from bots, conceals email addresses, enables Accelerated Mobile Pages (AMP) and more. Cloudflare’s clients include huge companies like Uber, OKCupid, FitBit and 1Password. 1Password claims its user data is safe. But with millions of websites using the service, this bug is an extremely serious threat. The result is that massive amounts of sensitive data have potentially been compromised.

The data leak was accidentally discovered on February 18th by Google security engineers. They immediately alerted Cloudflare. The company responded by quickly assembling an incident response team and shut down the feature causing most of the data leakage within hours. By the 20th a complete fix was in place. The rest of the time, until the incident was publicly revealed, Cloudflare worked with search engines like Yahoo!, Bing and Google to remove the sensitive data from their caches.

According to a blog post from John Graham-Cumming, Cloudflare’s CTO, the leaks could have been going on since September 22. However, the period of greatest impact was between February 13 and February 18, when the email obfuscation feature was being migrated. Cloudflare estimates that around one in every 3.3 million HTTP requests that passed through its system potentially resulted in memory leakage. That equals roughly 0.00003 percent of all requests.

But that does not negate the seriousness of the data leak. Sites that don’t use Cloudflare’s service, but have a lot of Cloudflare users, might have compromised data on their servers. This means the problem has spread all over the Internet. 

In an interview with Gizmodo Cloudflare CEO and co-founder Matthew Prince said, “This is a big deal for us. This is a really bad bug. This is something that our customers should be very cognizant of and should take very seriously.”

Everybody who uses any website is strongly urged to change their passwords immediately. As in right now!

Breach Brief – Yahoo! Again! A Billion This Time!

Yahoo! admitted today that the previous data breach was just a warm-up act. The latest bad news reveals that user data recovered by authorities uncovered a different hack entirely. Now there are over a billion compromised accounts. Yes, I said a BILLION!

This is the second record-breaking data breach of Yahoo! customer data. The previous hack endangered more than 500 million Yahoo! accounts. It took years for that breach to come to light.

Bob Lord, Yahoo!’s Chief Information Security Officer (CISO), said in a press release, “As we previously disclosed in November, law enforcement provided us with data files that a third party claimed was Yahoo! user data. Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts.”

Yes, you read that right. More than a billion Yahoo! customer accounts have been vulnerable for over 3 years now.

It seems that Yahoo! employees simply don’t give a damn. Yahoo! admitted that some employees were aware of the breach announced in September as early as 2014. But someone inside Yahoo! decided to drop the investigation.

Yahoo! has advised, as it has before, that “potentially affected users” change their passwords. Clearly Yahoo! has some serious security issues. At one time Yahoo! was one of the biggest, most well known and respected Internet companies. My how times have changed.

Now the company may die a sad death. At one time Verizon was considering buying the failing company but that could change and there are few other suitors. According to Business Insider, Yahoo! has admitted that Verizon may very well back out of the deal after this latest news.

Craig Silliman, Verizon’s chief lawyer, told reporters that the telecom giant has a “reasonable basis” to believe that Yahoo!’s monstrous data breach is equal to a material impact that lets Verizon trash the $4.83 billion deal.

If that were to happen we could witness the death of the first giant Internet company. It would be historic but not unprecedented in the business world. You remember PanAm Airlines, don’t you?