THE NUMBER ON THE DISPLAY IS NO GUARANTEE

Do you take for granted that the number shown on your phone's display also tells you who is actually calling?
Fraudsters who call often use a service known as spoofing. This means they can call from any phone number at all, but your display shows the number of, for example, your bank. Many of us see the number on the display as a guarantee that it is, in this case, the bank that is calling, which the fraudsters in this case exploit.
So you cannot trust that the number shown really belongs to the one who is calling. You should therefore be extra suspicious when you receive unexpected calls. Always ask to call back. //Lotta, NBC

https://www.facebook.com/Polisen-bedr%C3%A4geri-546406245370971/?hc_ref=ARQMXe9XB5FBJu5Ppsh0bsTtQlAmNjDBPM9Iq5yh1lb_hyOWTgdF_zj6edCUWu5Yyk8&fref=nf&__xts__[0]=68.ARAczMO3_l-5XyKFJhumm4FlBNIR2DngngzuweMfQm7W6XHP_qhs4jqNSkZS_WPihB4WLHbqIBkNkqP32K8o19y1_mjFx9VPJZoZ3uRyk-L-pOh7wKKWK5-kocCqUHSzrBVhQCc26T_JBRXdykTGgoc9IY8M8WeiFIl_am_IS7cJncfHwWEbPw&__tn__=kC-R

Google wants to get rid of URLs but doesn’t know what to use instead

Their complexity makes them a security hazard; their ubiquity makes replacement nigh impossible.

Sometimes URLs are explicitly typed by users; other times they’re opaque and hidden behind hyperlinks. Some URLs are good for sharing, others aren’t. Sometimes they’re shown on devices with abundant screen space, other times they’re so cramped that only a fragment of the URL can ever be seen.

https://arstechnica.com/gadgets/2018/09/google-wants-to-get-rid-of-urls-but-doesnt-know-what-to-use-instead/

IDN homograph attack

An example of an IDN homograph attack; the Latin letters ”e” and ”a” are replaced with the Cyrillic letters ”е” and ”а”.

The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike (i.e., they are homographs, hence the term for the attack, although technically homoglyph is the more accurate term for different characters that look alike). For example, a regular user of example.com may be lured to click a link where the Latin character ”a” is replaced with the Cyrillic character ”а”.

This kind of spoofing attack is also known as script spoofing. Unicode incorporates numerous writing systems, and, for a number of reasons, similar-looking characters such as Greek Ο, Latin O, and Cyrillic О were not assigned the same code. Their incorrect or malicious usage is a possibility for security attacks.

https://en.wikipedia.org/wiki/IDN_homograph_attack
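
A defensive check for the mixed-script case described above, as an added example that is not part of the quoted article: it flags hostname labels whose letters come from more than one script and shows the ASCII (punycode) form that DNS actually carries. The function names and sample hostnames are constructed for illustration, and the script is inferred from the first word of each character's Unicode name, which is an approximation that holds for Latin, Cyrillic and Greek letters.

```python
import unicodedata

# Scripts tracked here; the first word of a character's Unicode name
# identifies the script for the letters this page discusses.
SCRIPTS = {"LATIN", "CYRILLIC", "GREEK"}

def label_scripts(label):
    """Return the set of scripts used by the letters in one DNS label."""
    found = set()
    for ch in label:
        if ch.isalpha():
            script = unicodedata.name(ch, "UNKNOWN").split()[0]
            found.add(script if script in SCRIPTS else "OTHER")
    return found

def check_hostname(hostname):
    """Report labels that mix scripts, with their ASCII (punycode) form."""
    findings = []
    for label in hostname.lower().split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            findings.append({
                "label": label,
                "scripts": sorted(scripts),
                # Python's built-in IDNA codec gives the xn-- form sent to DNS.
                "ascii": label.encode("idna").decode("ascii"),
                "non_latin": [
                    f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
                    for c in label
                    if c.isalpha()
                    and not unicodedata.name(c, "UNKNOWN").startswith("LATIN")
                ],
            })
    return findings

# Constructed samples: the second replaces Latin "a" with Cyrillic U+0430,
# the third replaces Latin "o" with Greek omicron U+03BF.
SAMPLES = ["example.com", "ex\u0430mple.com", "g\u03bfogle.com"]

if __name__ == "__main__":
    for host in SAMPLES:
        print(repr(host), check_hostname(host) or "single-script labels")
```

A label written entirely in one non-Latin script passes this check, so it complements rather than replaces displaying the punycode form to the user.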

A Guide to Common Types of Two-Factor Authentication on the Web

In addition to requesting something you know to log in (in this case, your password), an account protected with 2FA will also request information from something you have (usually your phone or a special USB security key).

Two-factor authentication (or 2FA) is one of the biggest-bang-for-your-buck ways to improve the security of your online accounts. Luckily, it’s becoming much more common across the web. With often just a few clicks in a given account’s settings, 2FA adds an extra layer of security to your online accounts on top of your password.

https://www.eff.org/deeplinks/2017/09/guide-common-types-two-factor-authentication-web

US, UK, and other governments ask tech companies to build backdoors into encrypted devices

The US, UK, and three other governments have called on tech companies to build backdoors into their encrypted products, so that law enforcement will always be able to obtain access. If companies don’t, the governments say they “may pursue technological, enforcement, legislative, or other measures” in order to get into locked devices and services.

Tech companies have (also) been wary to comply. Adding a backdoor into their products would inherently mean that their promise of data privacy is broken. It would also open them up to similar requests from other countries, which could use the backdoor access for spying in inappropriate circumstances.

https://www.theverge.com/2018/9/3/17815196/five-eyes-encryption-backdoors-us-uk-australia-nz-canada

We must arm the cyber defence! What cyber defence?

The internet is trench warfare today. Sweden's infrastructure, Swedish companies and public authorities are attacked continuously. Sweden has hardly any security awareness and no cyber defence either. It is wrong to believe that the Armed Forces sit with camouflage-painted devices in a rock shelter and protect you from cybercriminals. You are the cyber defence, and you are the primary target of attacks. And it is your peers who don't care about it.

http://www.teknikaliteter.se/2018/09/04/maste-rusta-cyberforsvaret-vilket-cyberforsvar/

Google Secretly Tracks What You Buy Offline Using Mastercard Data

Over a week after Google admitted the company tracks users’ location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline.

Google has paid Mastercard millions of dollars in exchange for access to this information.

Neither Google nor Mastercard has publicly announced the business partnership over allowing Google to measure retail spending, though the deal has now been disclosed by Bloomberg.

https://thehackernews.com/2018/09/google-mastercard-advertising.html

What Attorneys and Their Clients Need to Know About Windows 10 and Microsoft’s New Privacy Policies

August 1, 2015

In short, according to Zach Epstein of BGR.com, “Windows 10 is … spying on nearly everything you do.” According to Microsoft, its “consumer products, websites and services” collect information such as

  • your full name, email address, mailing address, and phone number
  • passwords and password hints
  • your age, gender, and occupation
  • the stocks you track
  • credit card numbers and security codes
  • “data about how you interact with [Microsoft’s] services,” such as “the features you use, the items you purchase, the web pages you visit, and the search terms you enter”
  • “data about your contacts and relationships” – but only if you use a Microsoft service “to manage contacts, or to communicate or interact with other people or organizations.” (I’m not sure there’s anyone using a Microsoft system who doesn’t use it to “communicate or interact.”)

It gets worse. Microsoft “collect[s] content of your files and communications” including “the content of your documents, photos, music or video…. It also includes the content of your communications sent or received using Microsoft services, such as the subject line and body of an email, text or other content of an instant message, audio and video recording of a video message, and audio recording and transcript of a voice message you receive or a text message you dictate.” Microsoft “systematically scan[s]” this content “in an automated manner…”


Finland to become "a Moominvalley" for personal data as a counterweight to the big IT giants – the My Data movement is growing

Nowadays companies and authorities collect a good deal of data about you as a consumer and citizen, and then use it without you being able to do much to influence the situation. A new international organisation based in Finland nevertheless wants to change that.

The My Data movement started in 2014 after a data study carried out at the Ministry of Transport and Communications.

https://svenska.yle.fi/artikel/2018/09/02/finland-ska-bli-en-mumindal-for-persondata-som-motvikt-till-de-stora-it-jattarna

Written form requirement

If a company contacts you by telephone in order to enter into an agreement, you must confirm the offer in writing for the agreement to be valid. It is therefore not possible to enter into an agreement orally in telephone sales.

First, the company must confirm in writing the offer it gave you on the phone. Second, you must accept the company's offer in writing. You are only liable to pay for products if you have given a written confirmation. (For example, a tick in a checkbox or a reply to an email is enough!)

The requirement applies only to calls made on the company's initiative. If the call in any way takes place on your initiative, it falls outside the scope of the requirement.

https://www.hallakonsument.se/tips-for-olika-kop/olika-kopsituationer/telefonforsaljning/krav-pa-skriftlighet/