Googles' Orwellian Surveillance:
- Over 3.5 billion Google searches occur daily for 1.2 trillion searches each year
- Generally the first few results for your search are paid advertisements, but that's not obvious to most people
- When you click an ad, your query is sent to search engine marketers, where it stored forever, just like the search query
- The amount of information Google collects is substantial
- Since you began using Google they've been building a dossier that includes:
- Voice search history
- Every
- Google search you’ve ever made
- ad you’ve seen or clicked on
- location you've visited over the last year
- image you’ve saved
- email you’ve sent via Gmail
- Google acquired Mastercard credit card data to include your offline purchases. In fact, Google has acknowledged access to about 70% of U.S. credit and debit card sales through "third-party partnerships"
- Read more here: https://medium.com/s/story/the-complete-unauthorized-checklist-of-how-google-tracks-you-3c3abc10781d
Experts warn of the dangers of the metaverse:
- "The metaverse (a portmanteau of "meta-" and "universe") is a hypothesized iteration of the internet, supporting persistent online 3-D virtual environments through conventional personal computing, as well as virtual and augmented reality headsets." - Wikipedia
- The term metaverse was coined in Neal Stephenson's 1992 science fiction novel Snow Crash
- Dr. David Reid, Professor of AI and Spatial Computing at Liverpool Hope University said "The metaverse has huge implications – it comes with fantastic advantages and terrifying dangers"
- Professor Reid worries about all the data that could be collected and who controls it
- In the not too distant future, everything you do or say could be tracked in the metaverse
- Reid said "The metaverse’s ultimate aim is not just virtual reality or augmented reality, it’s mixed reality (MR). It’s blending the digital and the real world together. Ultimately this blend may be so good, and so pervasive, that the virtual and the real become indistinguishable"
- Reid warned that avatars could be hacked leading to fraud
- When describing the metaverse, Zuckerberg said "This isn’t about spending more time in screens. It’s about making the time we already spend better"
- Facebook has rebranded its parent company as Meta
- Meta’s VR boss Andrew Bosworth said "The metaverse is a set of virtual 3D spaces where you can share immersive experiences with each other when you can’t be together"
- You will be immersed in it and interact with it, including games, social networks, videos, shopping, health and fitness and maybe even jobs
- Facebook’s Oculus VR is an early attempt
- Zuckerberg thinks that the true metaverse will be ready within the decade, Meta has poured billions of dollars into it and vowed to hire another 10,000 staff to work on the project.
Password spraying attacks on the rise per Miscrosoft:
- Hackers continue to target accounts that will give them access to internal systems
- CISA has warned the hackers behind the SolarWinds were also password guessing and password spraying administrative accounts for access
- Microsoft said "Instead of trying many passwords against one user, they try to defeat lockout and detection by trying many users against one password"
- Password spraying helps avoid account lockouts
- Microsoft estimates more than 1/3rd of account compromises are password spraying attacks
- Microsoft's Detection and Response Team (DART) said "Recently, DART has seen an uptick in cloud administrator accounts being targeted in password spray attacks"
- DART outlined two techniques. The first, "low and slow" is when attackers use "several individual IP address to attack multiple accounts at the same time with a limited number of curated password guesses"
- The second technique uses previously compromised credentials. Per Microsoft, "Attackers can utilize this tactic, also called 'credential stuffing,' to easily gain entry because it relies on people reusing passwords and usernames across sites"
- Authentication protocols that can't enforce multi-factor authentication make these attacks easier
- Administrator and C-Level accounts are especially valuable to attackers
- Microsoft also warned that that Nobelium was "targeting privileged accounts of service providers to move laterally in cloud environments, leveraging the trusted relationships to gain access to downstream customers and enable further attacks or access targeted systems"