THE NUMBER ON THE DISPLAY IS NO GUARANTEE

Do you take it for granted that the number shown on your phone display also tells you who is really calling?
Fraudsters who call often use a service called spoofing. This means they can call from any phone number, while your display shows the number of, for example, your bank. Many of us see the number on the display as a guarantee that it is, in this case, the bank calling, which the fraudsters exploit.
So you cannot trust that the number shown really belongs to the caller. That is why you should be extra suspicious when you get unexpected calls. Always ask to call back. //Lotta, NBC

https://www.facebook.com/Polisen-bedr%C3%A4geri-546406245370971/?hc_ref=ARQMXe9XB5FBJu5Ppsh0bsTtQlAmNjDBPM9Iq5yh1lb_hyOWTgdF_zj6edCUWu5Yyk8&fref=nf&__xts__[0]=68.ARAczMO3_l-5XyKFJhumm4FlBNIR2DngngzuweMfQm7W6XHP_qhs4jqNSkZS_WPihB4WLHbqIBkNkqP32K8o19y1_mjFx9VPJZoZ3uRyk-L-pOh7wKKWK5-kocCqUHSzrBVhQCc26T_JBRXdykTGgoc9IY8M8WeiFIl_am_IS7cJncfHwWEbPw&__tn__=kC-R

Google wants to get rid of URLs but doesn’t know what to use instead

Their complexity makes them a security hazard; their ubiquity makes replacement nigh impossible.

Sometimes URLs are explicitly typed by users; other times they’re opaque and hidden behind hyperlinks. Some URLs are good for sharing, others aren’t. Sometimes they’re shown on devices with abundant screen space, other times they’re so cramped that only a fragment of the URL can ever be seen.

https://arstechnica.com/gadgets/2018/09/google-wants-to-get-rid-of-urls-but-doesnt-know-what-to-use-instead/

IDN homograph attack

An example of an IDN homograph attack; the Latin letters ”e” and ”a” are replaced with the Cyrillic letters ”е” and ”а”.

The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike (i.e., they are homographs, hence the term for the attack, although technically homoglyph is the more accurate term for different characters that look alike). For example, a regular user of example.com may be lured to click a link where the Latin character ”a” is replaced with the Cyrillic character ”а”.

This kind of spoofing attack is also known as script spoofing. Unicode incorporates numerous writing systems, and, for a number of reasons, similar-looking characters such as Greek Ο, Latin O, and Cyrillic О were not assigned the same code. Their incorrect or malicious usage is a possibility for security attacks.

https://en.wikipedia.org/wiki/IDN_homograph_attack
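
A defender-side check for the substitution described above, added here as an example (it is not code from the Wikipedia article). It flags hostname labels that mix scripts or that collapse to a protected ASCII name once look-alike characters are folded; the function names, the `protected` set and the small `LOOKALIKES` table are assumptions made for illustration.

```python
import unicodedata

# Constructed, partial look-alike table; a real check would load the full
# confusables data published with Unicode UTS #39.
LOOKALIKES = {
    "\u0430": "a",  # Cyrillic а
    "\u0435": "e",  # Cyrillic е
    "\u043e": "o",  # Cyrillic о
    "\u0440": "p",  # Cyrillic р
    "\u0441": "c",  # Cyrillic с
    "\u0445": "x",  # Cyrillic х
    "\u03bf": "o",  # Greek ο
}

def script_of(ch):
    """Approximate a character's script by the first word of its Unicode name."""
    if ch.isascii() and (ch.isdigit() or ch == "-"):
        return None  # digits and hyphen are shared by every script
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def decode_label(label):
    """Turn an ACE ('xn--') label back into Unicode; pass other labels through."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def skeleton(label):
    """Fold known look-alikes to the Latin letter they imitate."""
    return "".join(LOOKALIKES.get(c, c) for c in label)

def check_host(hostname, protected):
    """Return (label, scripts, mixed, imitates) for every suspicious label."""
    findings = []
    for raw in hostname.lower().split("."):
        label = decode_label(raw)
        scripts = sorted({s for s in map(script_of, label) if s})
        mixed = len(scripts) > 1
        imitates = label not in protected and skeleton(label) in protected
        if mixed or imitates:
            findings.append((label, scripts, mixed, imitates))
    return findings

if __name__ == "__main__":
    # Constructed sample: Cyrillic е and а inside an otherwise Latin label.
    print(check_host("\u0435x\u0430mple.com", {"example"}))
```

The mixed-script test alone misses labels written entirely in one foreign script, which is why the skeleton comparison against known names is included.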

A Guide to Common Types of Two-Factor Authentication on the Web

In addition to requesting something you know to log in (in this case, your password), an account protected with 2FA will also request information from something you have (usually your phone or a special USB security key).

Two-factor authentication (or 2FA) is one of the biggest-bang-for-your-buck ways to improve the security of your online accounts. Luckily, it’s becoming much more common across the web. With often just a few clicks in a given account’s settings, 2FA adds an extra layer of security to your online accounts on top of your password.

https://www.eff.org/deeplinks/2017/09/guide-common-types-two-factor-authentication-web

US, UK, and other governments ask tech companies to build backdoors into encrypted devices

The US, UK, and three other governments have called on tech companies to build backdoors into their encrypted products, so that law enforcement will always be able to obtain access. If companies don’t, the governments say they “may pursue technological, enforcement, legislative, or other measures” in order to get into locked devices and services.

Tech companies have (also) been wary to comply. Adding a backdoor into their products would inherently mean that their promise of data privacy is broken. It would also open them up to similar requests from other countries, which could use the backdoor access for spying in inappropriate circumstances.

https://www.theverge.com/2018/9/3/17815196/five-eyes-encryption-backdoors-us-uk-australia-nz-canada

Must arm the cyber defence! What cyber defence?

The Internet is trench warfare today. Sweden's infrastructure, Swedish companies and government agencies are attacked continuously. Sweden has barely any security awareness and no cyber defence either. It is wrong to believe that the Armed Forces sit with camouflage-painted equipment in a rock shelter and protect you from cyber criminals. You are the cyber defence, and you are the primary target of attacks. And it is your peers who don't care.

http://www.teknikaliteter.se/2018/09/04/maste-rusta-cyberforsvaret-vilket-cyberforsvar/

Swedish Public Healthcare Portal ”1177” is sending your symptoms to Google

Rick Falkvinge, Feb 18, 2018

The Swedish Public Healthcare portal 1177 — named so for historical reasons, since that is the Swedish “Dial-a-Nurse” phone number — is sending all your searches for embarrassing symptoms and sensitive medications to Google. Not as part of the search, ironically enough; it’s being sent to Google as part of Google Analytics, as seen in the screenshot below:


Kaspersky software ’used by Russian state hackers to trawl for US secrets’

Popular anti-virus software used by hundreds of thousands of people and businesses in Britain was reportedly hijacked by Russian government hackers to trawl for American secrets. <…>

Computer users must give their anti-virus software widespread access to files so they can be scoured for viruses. But such access potentially makes the software a perfect “backdoor” for hackers, according to computer experts.