Monthly Archives: March 2017

Yahoo Security Breaches

By Diel on January 25, 2024

Yahoo’s Cyber Security Crisis: What You Need to Know

Hackers Forge Cookies to Steal 32 Million Yahoo Accounts: A Security Breach

Yahoo has faced numerous cyber security crises with high-profile hacking incidents, including one that impacted over half a million account holders. Months later, the company acknowledged another cyber security breach from 2015 that endangered more than half a million account holders.

The United States Securities and Exchange Commission (SEC) confirmed that more than thirty-two million Yahoo accounts were hacked in a cookie forging attack that dates back to 2015.

Apparently, hackers used a sophisticated cookie forging exploit which they were able to execute without having to know or use account passwords.

Yahoo will determine which accounts were invaded by hackers who took or used forged cookies and will notify account holders potentially affected by the breach. The tech giant identified and invalidated the cookies, which essentially cut off the hackers.

Regarding the cyber security breach involving the cookie forging exploit, Yahoo wrote in SEC filings:

“In November and December 2016, we disclosed that our outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password. Based on the investigation, we believe an unauthorized third party accessed the Company’s proprietary code to learn how to forge certain cookies. The outside forensic experts have identified approximately 32 million user accounts for which they believe forged cookies were used or taken in 2015 and 2016 (the “Cookie Forging Activity”). We believe that some of this activity is connected to the same state-sponsored actor believed to be responsible for the 2014 Security Incident. The forged cookies have been invalidated by the Company so they cannot be used to access user accounts.”

Internal investigation by the SEC determined that Yahoo had enough knowledge of the hacking situation to disclose it in 2014, that several unidentified senior executives of the company failed to “properly comprehend or investigate” the breach and that its legal team should have opened an inquiry about the hacking in 2014. An SEC filing states:

“The Independent Committee found that failures in communication, management, inquiry and internal reporting contributed to the lack of proper comprehension and handling of the 2014 Security Incident.”

This latest information saved Verizon $350 million in its prolonged negotiations to acquire Yahoo; that amount will be deducted from its initial $4.83 billion buyout offer. Also in light of these recent developments, Yahoo’s Chief Executive Officer (CEO) has agreed to take full responsibility for the oversights and will forgo the annual bonus and equity grant, which will be redistributed to Yahoo employees.


Problems with WordPress

By Diel on January 25, 2024

IT Services in Peril: The Dilemma of Questionable Websites on WordPress.com

IT Services Companies Struggle with Balancing Free Speech and Cyber Security in the Wake of Terrorist Activities

It’s not surprising that IT security is a major concern for tech companies based in the United States, as they are favorite targets of cyber hackers and can unknowingly become breeding grounds for nefarious activities that include global terrorism. These activities focus on American tech companies because they provide the infrastructure necessary for extremist groups around the world to thrive and prosper, while they tread closely on the edge of free speech that is valued and protected by the First Amendment to the U.S. Constitution.

American society highly values the right to free speech and tech companies worldwide are now struggling to determine where free speech crosses the line into something altogether different that can be used for dangerous and nefarious purposes.

One of the latest victims is WordPress.com, which is a free hosting site for any website built with WordPress. Executives of the tech giant are now grappling with that issue after the non-partisan advocacy and research group known as the Counter Extremism Project (CEP) identified WordPress.com as host to a number of questionable websites.

WordPress.com has been identified as a hosting source of websites that feature violent videos (firing squads, beheadings) and dangerous terrorist propaganda that many find offensive and outside the scope of free speech.

Safety is important to us

Automattic is the parent company of WordPress.com and its spokesperson issued a statement saying “While our service is designed to enable users to freely express their ideas and opinions, however controversial, safety is important to us. As such, we don’t allow websites of known terrorist groups or genuine calls for violence against individuals or groups on WordPress.com.” The CEP’s research contradicts that statement and executives at WordPress.com are currently investigating the matter.

The CEP shared correspondence from a WordPress.com employee who identified himself as “Sal P.,” who indicated “WordPress.com is deeply committed to free speech and will not take content down just because we find it offensive or disagree with the point of view,” adding that a review will be conducted of those individuals or groups that CEP alleges maintain iffy websites on WordPress.com and appear on the federal government’s “Specially Designated Nationals and Blocked Persons List.”

David Ibsen is the Executive Director of CEP and he told The Washington Post “In our experience dealing with tech companies, when they don’t want to do something, they talk about free speech, and when they want to do something, they talk about terms of service.”

Whatever you want to call it, executives at WordPress.com have a huge problem on their hands, as does a plethora of other vulnerable American tech companies.


Is Alexa Spying on You?

By Diel on January 25, 2024

Alexa: Amazon’s Revolutionary Virtual Personal Assistant

Amazon’s contributions to the tech world continue with the introduction of Alexa which is a “virtual personal assistant” that uses Amazon Echo (hands-free speaker system) to provide audio to multiple electronic devices for purposes of asking and receiving responses to a variety of questions. Alexa can also be used for playing music and audiobooks, setting alarms, creating “to do” lists, providing real time information about traffic and weather and other voice interaction capabilities.

Alexa can also act as a “hub” for several “smart” electronic devices which operate using various wireless protocols. Most of those devices allow activation of Alexa by speaking a “wake word” but some require users to push a button to activate Alexa’s listening capabilities. Currently Alexa is only available in English and German languages.

Alexa has created a lot of buzz about privacy issues and questions as to whether or not the device can be used for nefarious spying purposes. After WikiLeaks revealed that the Central Intelligence Agency (CIA) employs a huge arsenal of remote hacking tools, registered users of the website Reddit.com raised the issue of Alexa’s possible collaboration with the CIA. Reddit.com is a website that allows registered users called Redditors to submit content in a variety of forms and those submissions are voted up or down by fellow-Redditors to organize posts and determine where they rank and appear within the website under a variety of categories.

One of the recent submissions was a video clip that poses questions to Alexa with regard to its connection to the CIA in which viewers can hear a woman ask “Alexa, would you lie to me?” to which the device responds “I always try to tell the truth. I am not always right but I would never intentionally lie to you or anyone else.”

The anonymous lady posing the questions in the video then asks “Alexa, what is the CIA?” to which the device immediately responds “The United States Central Intelligence Agency, CIA.” She then asks “Alexa, are you connected to the CIA?” A noise can be heard that resembles the dull “dunk” sound you hear when you click on something that can’t be viewed but Alexa offered no answer. The lady asks the same question again and gets the same sound and no answer, which is completely atypical of the device’s normal response capabilities.

Some folks give Alexa the benefit of the doubt suggesting that it doesn’t respond because it’s experiencing some kind of problem registering the question but others fear the device didn’t know how to respond and is actively recording and spying on them.

Interestingly, Redditors got the same response from other virtual assistants known as Google Now and Apple’s Siri. When they asked Google Now “Are you connected to the CIA?” the device responded “Me? I don’t know.” Similarly, when Redditors asked Siri the same question, the device responded “I can’t answer that.”

It’s not surprising that this video has unleashed a flurry of conspiracy theories about the CIA using multiple electronic devices, including telephones and televisions, to spy on people. Contributing to the conspiracy theories is the fact that it is well known that Amazon has previously worked with the CIA, including in 2014 when the agency paid $600 million for Amazon to develop a cloud computing infrastructure designed to specifically meet the needs of the CIA. Recently Amazon also became involved in a murder trial during which it claimed First Amendment rights to requests for releasing recordings that Alexa might have in relation to the case.

Most companies don’t want to alienate clients by collaborating to exchange information with any government agency but a few have been known to do so in addition to Amazon, including Yahoo which is suspected of being in cahoots with the FBI and NSA by providing user data to those intelligence agencies.

The liberal voice for world, business and sports news, reviews, opinions and analyses known as The Guardian indicated in 2014 that Amazon is also not particularly careful about protecting private user information which promotes and contributes to the perpetuation of conspiracy theories about Alexa.

Amazon attempted to quell conspiracy implications by releasing a statement about the video reviewed by Reddit saying:

“This was a technical glitch which we have fixed. Alexa’s response to this question is:

‘Are you connected to the CIA?’

‘No, I work for Amazon.’”

Mitigating Privacy Risks: The Importance of Cyber Security Consulting for Virtual Personal Assistants

In light of privacy concerns surrounding virtual personal assistants such as Amazon’s Alexa, it’s important to consider the potential risks and how to mitigate them. Cyber security consulting can play a crucial role in helping individuals and businesses protect their sensitive information from unauthorized access or data breaches. These services may include conducting security assessments to identify vulnerabilities, developing security policies and protocols, implementing encryption and other data protection measures, and providing ongoing monitoring and support to prevent and address security incidents. By working with a cyber security consultant, individuals and organizations can take proactive steps to safeguard their privacy and mitigate the risks associated with using emerging technologies like Alexa. Give us a call today to find out more about our services.


Next Generation iPhones

By Diel on January 25, 2024

IT Consultants Empower Apple’s Next Generation iPhones with Enhanced Face Detection

What’s in Store for Apple’s Next Generation iPhones? IT Consultants Drive Enhanced Face Detection Technology!

What could Apple possibly come up with to incorporate into its next generation iPhones that will make everyone want the updated version? Well, according to the U.S. Patent and Trademark Office, the tech giant has applied for and been issued a Patent for a technology that enables “enhanced face detection using depth information.” That should do it!

The tech giant will use specifically modified software and hardware modules in its newest iPhone creation. According to the Patent and Trademark Office, Apple’s new technology will be available for both still images and videos.

The Patent Application indicates that the new technology uses a combination of camera modules, depth sensors and computer imagery to produce “depth maps” which it uses to accurately identify human faces that appear in the image. Apparently, the new technology breaks down the image into smaller frames or “windows” and then selects one or more in which to “test for presence of human faces.”

The feature uses depth information to make the identification process easier and more accurate, but becomes less reliable when more faces appear at varying depths and locations within the image/video, which could contribute to false detection issues, according to the Patent and Trademark Office.

This news comes amid rumors that Apple may be ramping up its reality capabilities and might introduce an innovative 3D selfie camera, which will rely on infrared modules that are capable of projecting patterns of optical radiation into images that will allow the device to split the image or video into depth maps.

Until the announcement is made by Apple, these innovative features are pure conjecture but, if and when the new technology becomes available, it will only be included on premium iPhone models and is expected to also have a premium price of over $1000.

The Intersection of Technology Advancements and IT Consulting

It’s interesting how technology advancements like Apple’s new face detection technology can impact different industries, such as IT consulting. With the introduction of new features and capabilities in smartphones, there will be a growing demand for IT consultants to help individuals and businesses navigate and optimize the use of these technologies. In today’s fast-paced and ever-changing tech landscape, having the right IT support is essential for staying competitive and efficient. So, while Apple’s new technology may not directly relate to IT consulting, it’s a reminder of the importance of staying up-to-date with the latest tech advancements and seeking the right expertise to fully utilize them.

App Blocking by Microsoft

By Diel on January 25, 2024

Strengthening IT System Security: Analyzing Microsoft’s App Blocking Feature

The rapid evolution of IT systems and the increasing number of cyber-attacks have made it critical for technology companies to ensure the security of their products. This post will discuss the benefits of Microsoft’s app blocking feature and how it is likely to improve the security of its IT system.

Microsoft is a giant in the technology field and leads the way in development of new innovative software programs designed to make every aspect of life easier.

Because it manufactures so many popular applications, Microsoft software programs have become a lucrative target for computer hackers who target Microsoft users in order to gain access to millions of computers (unbeknownst to computer users worldwide) that hold a plethora of valuable personal and confidential information.

In an effort to curb the nefarious hacking that has plagued Microsoft users worldwide and in an attempt to get customers to use options offered in its “Windows Store” more often, Microsoft is currently evaluating an innovative function for Windows 10 that prevents installation of desktop apps unless they come directly from the official Microsoft Windows Store.

The move by Microsoft to evaluate and implement a new feature for Windows 10 that prevents the installation of desktop apps unless they come from the official Microsoft Windows Store is a significant step towards improving IT system security.

When enabled, this option will prevent computer users from installing classic Win32 applications, which include many popularly used programs like Google Chrome and Adobe Photoshop. Win32 is the programming interface used for 32-bit and 64-bit Windows Operating Systems, starting with Windows 95.

Enhancing App Security: Microsoft’s New Feature for Windows 10

This new feature limits the scope of apps users can install and may be very useful to newbies since they are much less likely to install malware on their electronic devices. The Windows Store offers apps to meet most of their needs and newbies can also get a variety of Win32 apps from the Windows Store using Microsoft’s Desktop App Converter.

The new feature is disabled by default in Windows 10, but users can easily enable it if they choose by going to the Apps and Features category and selecting Settings. Users will have the option of allowing or blocking installation of Win32 apps altogether as well as an alternative that gives priority to apps from the Windows Store without blocking standard desktop applications (which will result in a prompt asking for approval of the installation anytime you run a non-Windows Store app).

Users who enable the feature and then attempt to install a Win32 app will get a warning in the form of a dialog box that reminds them that the Windows Store is the only “safe and reliable” place to obtain software.

Microsoft is expected to release the Windows 10 Update in April 2017, which will include a variety of other new features for use in Windows 10.

Microsoft is also developing an update for its IT system, specifically for Windows 10, which aims to create a truly universal operating system for electronic devices by prohibiting users from installing any Win32 apps. The move is aimed at improving the security of its IT system by restricting access to potentially harmful software that could compromise the system’s integrity.