Wednesday, March 28, 2018

Facebook announces Privacy-setting changes.

Amid the uproar and the corresponding drop in its stock price, Facebook has redesigned the settings menu on mobile devices to make privacy controls easier for users to find and use.  Previously the settings were spread across about 20 screens.  Now all of them are accessible from a single place.

The enhancements include:

New Privacy Shortcuts menu. People have also told us that information about privacy, security, and ads should be much easier to find. The new Privacy Shortcuts is a menu where you can control your data in just a few taps, with clearer explanations of how our controls work. The experience is now clearer, more visual, and easy-to-find. From here you can:

Make your account more secure: You can add more layers of protection to your account, like two-factor authentication. If you turn this on and someone tries to log into your account from a device we don’t recognize, you’ll be asked to confirm whether it was you.

Control your personal information: You can review what you’ve shared and delete it if you want to. This includes posts you’ve shared or reacted to, friend requests you’ve sent, and things you’ve searched for on Facebook.

Control the ads you see: You can manage the information we use to show you ads. Ad preferences explain how ads work and the options you have.

Manage who sees your posts and profile information: You own what you share on Facebook, and you can manage things like who sees your posts and the information you choose to include on your profile.

https://newsroom.fb.com/news/2018/03/privacy-shortcuts/

and,

Playboy Latest to Delete Facebook Amid Data Handling Fallout

Playboy announced its intention to deactivate its Facebook accounts and leave the social network amid escalating concerns about the platform’s mismanagement of user data.

The publisher said the decision also follows years of difficulty expressing its "values" on Facebook, owing to the platform's policy prohibiting nudity.


https://www.bloomberg.com/news/articles/2018-03-28/playboy-latest-to-delete-facebook-amid-data-handling-fallout

Six days after a ransomware cyberattack, Atlanta officials are filling out forms by hand

In the past year the City of Atlanta has experienced roughly 45,579 malware attacks, about 124 per day.  Twenty of those attacks were successful, which shows that no matter what methods you employ to prevent a successful exploit, the weakest link is the person in the seat.  One breach can spread to thousands of computers, and cleaning that up is the task security experts and techs are now having to perform.  Checking every server, desktop and notebook could take weeks, if not months, to complete.

If the city were to pay the $50,000 in cryptocurrency that the criminals are demanding, it would still have to be sure every computer is clean of the malware; otherwise the systems could be held hostage again after payment.

Now it appears that another metro-area city has the same problem.  Loganville said on Monday that an attack on a city computer may have compromised personal information.

A post on the city's Facebook page said there is no evidence the hackers took information such as Social Security numbers and financial account numbers, but acknowledged that whoever pulled off the attack would have had access to such information.

http://accesswdun.com/article/2018/3/652779/loganville-city-government-victim-of-cyber-attack

Friday, March 16, 2018

Office 365 and Cloud Security - Passwords

Office 365 is a great product, and the subscription model provides services and up-to-date software on an affordable monthly basis.  It, like other cloud services, has become the norm for a lot of businesses as internet speed approaches what used to be the standard for in-house LANs, 100 Mbps.

It is this connection speed that has allowed the "cloud" to become ubiquitous in today's business climate.  But the cloud is not some magical new device; it is a server owned by someone else, located somewhere else.  In the past it was imperative to protect a business server from attack with strong passwords, firewalls and antivirus software.  Hackers were scanning public IP addresses for Exchange, SQL and other servers to attack.  They still are, and Office 365 is a prime target.  Although the online service scans incoming email for malicious content, not everything is stopped.  Users constantly receive phishing emails trying to coerce them out of their login information by asking them to "verify" the account at a bogus link.

I have one client, for whom I provide accounting software and services, who uses Office 365 purchased by their in-house IT department.  He told me the phishing/spam seemed to increase when they switched to the online service.  They too had an account hacked in an attempt to steal money.

In the past month, two different clients of mine had their Office portal passwords compromised.  These were not obvious passwords, either.  In one case the hacker worked silently and studied the email in the inbox, gleaning the firm's banker information and other data that could be used for financial gain.  The hacker then created inbox rules so that any incoming email related to the banker's email address, or containing words such as "wire transfer", was forwarded to a Gmail account and then deleted, so the compromised account holder wasn't aware of his actions.  The information gathered allowed the hacker to act on behalf of the compromised user for certain actions.  The hacker then attempted a wire transfer, which the alert banker was suspicious of because the signature block was normal and it was not the standard operating procedure for the firm.

When I was contacted we immediately changed her portal password, and analysis of the email showed the originating IP address was in Nigeria.  Changing the password stopped any further meddling by the hacker, but we still did not know about the rules the hacker had created.

The company also used an online recruiting firm to fill positions.  The hacker had created a rule to divert email from the recruiting agency to the Gmail account and then delete it to hide his actions.  Next, the hacker requested a password reset, which was forwarded to the Gmail account.  The password was changed, giving the attacker access to the firm's account with the recruiting firm.

This was discovered when an applicant contacted the firm about a position that was advertised online.  When the administrator attempted to log in, the password did not work.  After multiple password-reset requests the administrator discovered the reset emails in her Deleted Items folder.  The hacker's reward was a charge to a credit card, with the funds diverted to the hacker.

In the second case, the compromised account was used to send spam containing a link that delivered a malicious payload to anyone who clicked on it.  It was disguised as a Purchase Order needing approval.  In this attack, the hacker had created rules to delete any returned emails marked "Undeliverable" to hide the fact that the account was being used to send spam.
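Both cases above hinged on inbox rules the account holder never saw: forwarding to an outside Gmail address, deleting bank and recruiter mail, and deleting "Undeliverable" bounces.  Changing the password does not remove those rules, so they have to be found and disabled separately.  The script below is an added example, not something from the original post or from Microsoft; it uses the Exchange Online PowerShell module (ExchangeOnlineManagement, which must be installed first) to list every inbox rule and mailbox-level forward across the tenant and flag the patterns described above.  The internal domain list, the report path and the keyword list are assumptions to adjust for your own tenant.

```powershell
# Added example: audit Exchange Online for the attacker-style inbox rules described above.
# Assumes: Install-Module ExchangeOnlineManagement has been run, and the signed-in account
# holds an Exchange administrator role. Domains, keywords and output path are placeholders.

param(
    [string[]]$InternalDomains = @('example.com'),          # assumption: your tenant's own domains
    [string]$ReportPath = '.\suspicious-inbox-rules.csv'     # assumption: where to write the report
)

Connect-ExchangeOnline   # interactive sign-in; works with MFA-enabled admin accounts

$findings = @()
# Vocabulary the attackers in the two cases keyed their rules on (assumed list; extend as needed)
$keywords = 'wire|transfer|invoice|payment|undeliverable|password|bank'

foreach ($mbx in Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox) {

    # 1. Mailbox-level forwarding, which is set outside of inbox rules and easy to overlook
    if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
        $findings += [pscustomobject]@{
            Mailbox = $mbx.PrimarySmtpAddress
            Rule    = '(mailbox forwarding)'
            Reason  = "ForwardingSmtpAddress=$($mbx.ForwardingSmtpAddress) ForwardingAddress=$($mbx.ForwardingAddress)"
            Enabled = $true
        }
    }

    # 2. Inbox rules, whether created by the user or by someone holding the user's password
    foreach ($rule in Get-InboxRule -Mailbox $mbx.PrimarySmtpAddress) {
        $reasons = @()

        # Pull every SMTP address the rule forwards or redirects to, regardless of display format
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
            ForEach-Object { [regex]::Matches("$_", '[\w.+-]+@[\w-]+(\.[\w-]+)+') } |
            ForEach-Object { $_.Value.ToLower() }

        foreach ($addr in $targets) {
            $domain = $addr.Split('@')[-1]
            if ($InternalDomains -notcontains $domain) {
                $reasons += "forwards to external address $addr"
            }
        }

        # Delete rules are how the attacker hid the bank correspondence and the bounce messages
        if ($rule.DeleteMessage) { $reasons += 'deletes matching messages' }

        # Conditions built on finance or bounce vocabulary deserve review even without forwarding
        $conditions = "$($rule.SubjectContainsWords) $($rule.BodyContainsWords) $($rule.SubjectOrBodyContainsWords) $($rule.FromAddressContainsWords)"
        if ($conditions -match $keywords) { $reasons += "condition matches '$($Matches[0])'" }

        if ($reasons.Count -gt 0) {
            $findings += [pscustomobject]@{
                Mailbox = $mbx.PrimarySmtpAddress
                Rule    = $rule.Name
                Reason  = ($reasons -join '; ')
                Enabled = $rule.Enabled
            }
        }
    }
}

$findings | Sort-Object Mailbox, Rule | Format-Table -AutoSize
$findings | Export-Csv -Path $ReportPath -NoTypeInformation

# The audit is read-only. For a confirmed malicious rule, disable it (keeping it as evidence) with:
#   Disable-InboxRule -Mailbox user@example.com -Identity 'Rule name'
# and clear mailbox-level forwarding with:
#   Set-Mailbox user@example.com -ForwardingSmtpAddress $null -DeliverToMailboxAndForward $false

Disconnect-ExchangeOnline -Confirm:$false
```

Run it once after any password reset that follows a suspected compromise, and again on a schedule: an external forward or a rule that deletes "Undeliverable" mail is almost never something a user set up on purpose.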

Solutions:

Since the attack, we have changed all passwords at the first client, using passwords generated by Microsoft, and reimplemented the policy of changing passwords every 90 days.

I hear a lot of complaints about having to use and change passwords, but in today's online environment it is imperative that you use strong passwords, change them periodically, and do not use the same password for everything.  If your email account is hacked, you do not want to run the risk that your banking account is now vulnerable as well.

If you have a lot of passwords and find the task too frustrating to maintain, consider password management software such as Dashlane or LastPass.  For an annual fee, you will only have to remember one password: the master password to the password manager itself.  Below is a link to an article about the best password managers for 2018.

https://www.tomsguide.com/us/best-password-managers,review-3785.html


Crypto-currency News

Oh man! Cryptocurrencies continue to tank. Be careful trying to catch a falling knife. I'm looking to get back in; in my experience it's hard to get into Ripple XRP.

https://www.cnbc.com/2018/03/15/bitcoin-price-over-60-billion-wiped-off-value-of-cryptocurrencies.html

https://www.politico.com/magazine/story/2018/03/09/bitcoin-mining-energy-prices-smalltown-feature-217230

https://www.msn.com/en-gb/news/world/a-new-york-town-just-placed-a-moratorium-on-crypto-mining/ar-BBKiZdv

