Tag Archives: Javascript

ALERT! – Specter and Meltdown Security Flaw – ALERT!

Regardless of what computer you own, Apple or Windows, Spectre and Meltdown security flaws affect you. Security researchers recently revealed the details of these two microprocessor security flaws. Chips made by Intel, Advanced Micro Devices (AMD) and others are in billions of devices making them sitting ducks for hackers.

Devices with these chips include phones, tablets, PCs, and computer servers. Exploiting the vulnerability opens the door for hackers to steal personal data, passwords, cryptographic keys, and other supposedly inaccessible information from device owners. While the average consumer should exercise caution the impact on business could be devastating. 

The Meltdown flaw only runs on Intel chips while the Spectre flaw can affect devices with virtually any modern processor.

Computer microprocessors handle data like a passwords or encryption keys. Normally these are kept from other apps. But both Intel and AMD pride themselves on the speed of their chips. To do this the chips use whats known as “speculative execution” to try to guess answers that may be needed if a chain of calculations came out a certain way. Since the delay in calculations can be predictable researchers found that a rogue app could guess where confidential data was located in a chip’s memory and steal it.

Regardless of your web browser, Google Chrome, Apple Safari, or any version of the Windows family, they all use Javascript code.  Hackers could introduce a data stealing Javascript program and post it on any chosen web site. Your browser app would automatically run the rogue code like it was an ordinary part of the site’s features resulting in your data becoming vulnerable or stolen. As you can see this is an extremely grave threat to business computing.

Although this vulnerability is now known there is no evidence anyone has used it…yet. And that is where the danger lies. The danger of these flaws is so great that tech companies  swung into action quickly to fix the problem. Perhaps too quickly.

According to various news sources the Microsoft patch to fix the flaw has been damaging some devices.  In some instances the computers are suffering performance problems while others have been bricked. A bricked computer is frozen and unusable. The problem has become so bad that Microsoft has halted issuing the patch for both Spectre and Meltdown for AMD equipped computers and devices.

Intel’s CEO Brian Krzanich addressed the Meltdown and Spectre issue as the keynote speaker at the Consumer Electronics Show in Las Vegas. “I want to thank the industry for coming together to address the recent security research findings reported as Meltdown and Spectre,”  said Krzanich. He called the response to the issues a “collaboration among so many companies.” Krzanich promised that “for our processors and products introduced in the past five years, Intel expects to issue updates for more than 90 percent within a week, and the remaining by the end of January.”

Browser makers have swung into action to combat the flaw. Users of Google Chrome should turn on a feature calledsite isolation.”  The feature prevents malicious Javascript from accessing sensitive data. Google will soon release an update to Chrome’s Javascript feature that will improve protection against Spectre attacks, however, browser performance may suffer.

Microsoft has already issued a Windows security update for its Internet Explorer and Edge browser apps labeled “KB4056890” to protect against Spectre. According to Microsoft the update will change the browser’s features to protect confidential information in a device’s CPU. But make sure you check if your device has an AMD chip before using this patch.

Firefox maker Mozilla said its newest apps changed several features to make Spectre attacks more difficult. Released on January 4th, Firefox version 57.0.4 includes the new protections. Mozilla said in a blog post that it is studying additional ways to strengthen security against the attacks. “In the longer term, we have started experimenting with techniques to remove the information leak closer to the source, instead of just hiding the leak by disabling timers. This project requires time to understand, implement and test.”

Apple is planning to release an update to Safari in “coming days” to protect against Spectre. Early tests of the Apple updates showed a minimal impact on browser performance. For additional information on Apple products click here.

 

 

 

 

 

 

 

See and Block Who’s Tracking You Online

canstockphoto19683471Privacy on the Internet is a rare commodity. Currently 85 percent or more of black people are online. Most black people own a smartphone or other mobile device. And most black people have no idea how easy it is to track exactly who you are, where you are, who you call, text or email and pretty much everything else you do online. You are being watched like a prisoner.

Trying to stop this constant tracking is a tough task and the law is no help. Congress and industry have little or no incentive to stop this incessant invasion of privacy. Part of the problem is that consumers have yet to get really angry about this activity.

There are people fighting for your privacy online but its an uphill battle to say the least. The Electronic Frontier Foundation (EFF) and Disconnect, Internet privacy right groups and a group of web companies have lauched a new “Do Not Track” (DNT) standard meant to encourage website owners and advertisers to respect your online privacy. Unfortunately this is a voluntary standard and companies are free to agree, or not to agree, to adhere to the new standard.

Big players like Yahoo! and Microsoft have not come out in favor of the new standard. Microsoft announced in April that it was no longer enabling ‘Do Not Track’ as the default state in Windows Express settings.

A year ago Yahoo! said that ‘Do Not Track’ settings would no longer be enabled on its site saying; “we have yet to see a single standard emerge that is effective, easy to use and has been adopted by the broader tech industry.” But Yahoo! has agreed to honor the ‘Do Not Track’ setting on the Firefox browser as part of a search deal. So both companies are openly admitting they are tracking you.

Companies that have agreed to honor the new ‘DNT’ standard include publishing site Medium, analytics service Mixpanel, ad and tracker-blocking extension AdBlock, and privacy search engine DuckDuckGo.

Millions of black people are using social media. And the God of social media is Facebook. But did you know that Facebook is probably the biggest data collector in the history of civilization? Because people are giving it to them.

But who is using Facebook to track your Internet activity? How do you block them?

First of all keep in mind that advertisers may not not know your name and other personal information about you. But that is just a maybe. We don’t know what they know and they ain’t telling. Legally, they don’t have to.

But here are the steps to see and block advertisers that are tracking your Facebook profile from Businessinsider.com.

First go to the settings button on your Facebook page.

Facebook settingsFacebook

Scroll down and click “Settings.”

Facebook settingsFacebook

Inside the settings menu, click on Apps.

Facebook settingsFacebook

This looks like a list of apps that are signed into your account. But pay close attention to the “show all” option at the bottom of the list …

Facebook settingsFacebook

Voila! The list of apps tracking me is so long I have to make this super zoomed-out view to see them all:

Facebook settings

Facebook

On each app, there is an Edit function and a delete “x” mark. Let’s look at what QuizUp, the hot new trivia mobile game app, knows about me.

Facebook settingsSettings

QuizUp knows my email, birthday, and current location. Because it’s a mobile app on my phone, it also knows my phone number. But that’s not all …

Facebook settingsFacebook

Click this little “?” symbol on “basic info” and it turns out that QuizUp is getting a bunch more info about me, too, including a list of all my friends and my profile picture!

Facebook settings

(Source: Businessinsider.com)

You can control this information by clicking on the “x” symbol to delete the app’s access to your Facebook account. That might mean the app won’t work, however.

Review each app to either edit its permissions or delete its access to you on Facebook entirely. It’s a bit time-consuming — but otherwise you’re just giving these people free data.

Another thing black people need to be aware of is that companies are using your email to spy on you. Much of the email you recieve from an advertiser or even a company you do business with is loaded with spying technology.

To see who is tracking your email, or in this case Gmail, you can use a browser extension tool named UglyEmail to see what companies are tracking your Gmail email.

UglyEmail shows you if your email is being tracked. And email being tracked in Gmail will have a tiny eye attached to it. Your inbox will look something like this.

UglyEmail

One of the ways that your email is tracked is a technology known as pixel tracking. Pixel tracking is when a tiny image, about 1 pixel in size, is inserted in an email. The image is invisible to the email recipient but it has a code that tells the server to call the sender when the email is opened.

To block that you can use a browser extension known as PixelBlock. PixelBlock will block that pixel code from transmitting back to the sender. Email with a pixel tracking code have a red eye on them. PixelBlock will also tell you who sent the pixel and how many times they have attempted to track you.

We did mention that Facebook is the greatest collector of data in history didn’t we? Well did you know that Facebook follows you around the Internet even when you are not on the website? How do they do this?

Facebook employs over 200 different trackers that follow your online activity. These trackers come in the shape of cookies, Javascript, 1-pixel beacons, and Iframes. Tracking technologies are used to see what websites you visit, how often you visit them and other interactions with websites.

Not all cookies are used for tracking.  Many Facebook ‘Like’ buttons are used to collect and store information to be used later. Your browser communicates with a server to construct the website you wish to view. This called a request.

But keep in mind that the website you are viewing isn’t the only server your browser is talking to. Trackers from other data collectors, Facebook included, are on the site as well. You have no idea they are tracking you without privacy software. You don’t know they are there and you probably don’t wish to share your personal information with them.

To protect yorself and your information you need to use the do not track function on your browser. It may help but probably won’t competely stop the tracking. You can find a list of the five most secure browsers here.

Choose your privacy setting in the following browsers

Google Chrome

Microsoft Internet Explorer

Apple Safari

We used Facebook as an example of companies that track you online because they are the biggest offender. But undertand this, almost every website has some method of monitoring who visits it. The sometimes sell the information or just hold onto it to better serve you. Just remember AACR Internet rule #8 “There is no privacy on the Internet.”

Now you know.