Alla inlägg av Team Security

Can DuckDuckGo Become the Anti-Google?

”Recently, a privacy-oriented search engine called DuckDuckGo raised $10 million from a Canadian pension fund,” reports Marketplace.org, saying the privacy-focused search engine is ”trying to establish itself as the anti-Google.” An anonymous reader quotes their report:

”So it’s like Google, except when you search on it, you’re completely anonymous,” said Gabriel Weinberg, CEO of the company. The searches are encrypted. The site knows where you are, but only while you’re searching, and it doesn’t store your personal information. ”We serve you the search results and we throw away your personal information…so your IP address and things like that. And we don’t actually store any cookies by default. And so when you search on DuckDuckGo, it’s like every time you’re a new user and we know nothing about you…” Weinberg said about a quarter of Americans have taken some action to protect their privacy, and DuckDuckGo searches have been growing about 50 percent a year. Läs mer

Tips and Practices for Avoiding and Surviving a Malware Infection

Malware is any software that is designed to cause damage to and/or unauthorized access to devices or networks. Malware comes in many forms, all of which can have negative effects on your device and for you.

Common Types of Malware and Their Effects

Ransomware – Ransomware is malware that stops you from being able to access your files, usually by encrypting them, and then requests payment to decrypt the files, restoring your access. Most commonly, ransomware asks for payment in bitcoin, which is a popular cryptocurrency. Unfortunately, paying the ransom does not guarantee restoring access to your files.

Trojan Horses (a.k.a. trojans) – This malware takes its name from the classic story of the Greek army sneaking soldiers into the city of Troy hidden inside a large wooden horse. Trojans of the malware variety behave in much the same way, by appearing to be legitimate apps or software that you want to install. Some trojans allow an attacker full access to your device, others steal banking and personally sensitive information, and others are simply used to download additional malware, like ransomware.

Keyloggers – This type of malware records your keystrokes and sends them to a cyber threat actor, giving them access to your usernames, passwords, and any other sensitive information you have entered using your keyboard. With this information, the cyber threat actor can access your online accounts or commit identity theft.

Tips and Practices for Avoiding and Surviving a Malware Infection

  • Update and patch your devices and software.
  • Never click suspicious or untrusted links. 
  • Only download from trusted sources.
  • Backup your data and be sure the backups are good! 
  • Use antivirus and other protective software on your device. 
  • Configure your devices with some security in mind. 

See the details about each point at;

Avoiding Many Types of Malware

How 4 of the CIS Controls™ Can Help Secure Your Home Network

Facing everything from viruses to malware, home and personal networks can be just as vulnerable to cyber crime as organizational systems. Here are eight tips to help you protect your home network from cyber threats:

https://www.cisecurity.org/blog/cis-controls-help-secure-home-network/?utm_source=organic-twitter

1. Count your devices
2. Inventory all software & apps
3. Run anti-malware/anti-virus
4. Auto-update when possible
5. Share with caution
6. Beware of suspicious emails
7. Use strong, unique passwords
8. Lock down your router

Download the CIS Controls 

Amazon, Apple Servers Completely Compromised by Chinese Hardware Backdoors

For years, security researchers have warned that unscrupulous hardware manufacturers or foreign governments could hijack the manufacturing process, installing backdoors into equipment that would be difficult to detect or stop. Now, we’ve caught the Chinese red-handed, and the fallout could be ugly.

An extensive report from Bloomberg details how Amazon’s investigation into deploying servers manufactured by Elemental Technologies led to the discovery of hardware backdoors smaller than a grain of rice. The chips had been hidden on Supermicro motherboards.

After discovering the chips in 2015, the government spent three years investigating the situation. They’ve determined that the hardware creates “a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.”

Amazon, Apple Servers Completely Compromised by Chinese Hardware Backdoors

Amazons reply:
https://aws.amazon.com/blogs/security/setting-the-record-straight-on-bloomberg-businessweeks-erroneous-article/

What if the Bloomberg story is true?

Hard(ware) questions about government hacking: what if the Bloomberg story is true?

Cybersäkerhet: minska risker med upp till 90%

En av de bästa cyberskyddsmetoderna i dagsläget är CIS 20 Critical Controls – en uppsättning gemensamma säkerhetsåtgärder skapade av Center for Internet Security. Kontrollerna minskar risker hos organisationer som använder dem med upp till 90% och skyddar från attacker mot IT-system, nätverk och användare.

https://blogg.knowit.se/security/cybers%C3%A4kerhet-minska-risker-med-upp-till-90-med-cis-20-critical-controls

AI-powered IT security seems cool – until you clock miscreants wielding it too

A survey of 5,000 IT professionals released late last month (sep 2018) revealed three major threats techies believe they will face over the next five years:

  • malicious AI attacks in the form of social engineering,
  • computer-manipulated media content, and
  • data poisoning.

Just four in 10 pro quizzed believed their organizations understood how to accurately assess the security of artificially intelligent systems.

https://www.theregister.co.uk/2018/10/01/can_ai_be_trusted_on_security/

Tim Berners-Lee tells FastCompany about his radical new plan to upend the World Wide Web

This week, Tim Berners-Lee, ”inventor of the World Wide Web”, will launch Inrupt. It’s mission is to turbocharge a broader movement afoot, among developers around the world, to decentralize the web and take back power from the forces that have profited from centralizing it.

On his screen, there is a simple-looking web page with tabs across the top: Tim’s to-do list, his calendar, chats, address book. He built this app–one of the first on Solid–for his personal use. It is simple, spare. In fact, it’s so plain that, at first glance, it’s hard to see its significance. But to Berners-Lee, this is where the revolution begins. The app, using Solid’s decentralized technology, allows Berners-Lee to access all of his data seamlessly–his calendar, his music library, videos, chat, research. It’s like a mashup of Google Drive, Microsoft Outlook, Slack, Spotify, and WhatsApp.

The difference here is that, on Solid, all the information is under his control. Every bit of data he creates or adds on Solid exists within a Solid pod–which is an acronym for personal online data store. These pods are what give Solid users control over their applications and information on the web. Anyone using the platform will get a Solid identity and Solid pod. This is how people, Berners-Lee says, will take back the power of the web from corporations.

“We are not talking to Facebook and Google about whether or not to introduce a complete change where all their business models are completely upended overnight. We are not asking their permission.”
Game on.

https://www.fastcompany.com/90243936/exclusive-tim-berners-lee-tells-us-his-radical-new-plan-to-upend-the-world-wide-web

Minska inbrottsrisken i ditt hem

Tjuvar rekar oftast ett område innan de slår till och har sina knep för att inte väcka uppmärksamhet, exempelvis utklädda till hantverkare.

De flesta inbrott sker på dagen och under årets mörkaste månader, och det vanligaste är att tjuven tar sig in genom att bryta upp ett fönster eller en altandörr på markplan. Tjuvarna letar efter saker som är lätta att dölja och bära med sig, så som guldsmycken, kontanter, pass, paddor.

Åtgärder som gör det svårare för tjuven

  • se över låsen på fönster och dörrar – tjuven väljer bort bostäder där det tar tid att ta sig in och är svårt att komma ut med det stulna.
  • lämna inte redskap utomhus som tjuven kan använda för att bryta sig in, exempelvis en stege.
  • använd säkerhetsdörr och heltäckande brytskydd och spanjolett. Om du är osäker på vad som passar dina behov, fota och fråga en låsmästare.
  • städa inte undan så mycket, lämna disk och tvätt framme.
  • förvara inte värdefulla verktyg och maskiner i förråd med undermåliga lås och dörrar.
  • DNA-märk dina värdesaker så de blir spårbara – märkta föremål är svårare att sälja vidare
  • lås in värdesaker och id-handlingar, t ex passet, i ett certifierat värdeskåp – det finns inga ”bra ställen” som tjuven inte hittar
  • installera ett ljudande larm – det förkortar tiden tjuven har på sig innan hen riskerar att bli upptäckt

https://www.stoldskyddsforeningen.se/privat/sakerhetsradgivning-for-privatpersoner/sakerhet-for-hemmet/

You Gave Facebook Your Number For Security. They Used It For Ads.

Two-Factor Authentication Is Not The Problem

First, when a user gives Facebook their number for security purposes—to set up 2FA, or to receive alerts about new logins to their account—that phone number can become fair game for advertisers within weeks. (This is not the first time Facebook has misused 2FA phone numbers.)

But the important message for users is: this is not a reason to turn off or avoid 2FA. The problem is not with two-factor authentication. It’s not even a problem with the inherent weaknesses of SMS-based 2FA in particular. Instead, this is a problem with how Facebook has handled users’ information and violated their reasonable security and privacy expectations.

https://www.eff.org/deeplinks/2018/09/you-gave-facebook-your-number-security-they-used-it-ads