Tech Friday

posted by Brian Thomas - 

  • Facebook privacy scandal:
    • You are not a customer to Facebook, you are the product. If you're not paying with money, you're paying with data
    • Is it time to delete Facebook? Many people think so and the hashtag #deleteFacebook has been trending on Twitter
    • Many high profile people and businesses have left Facebook, for example, Elon Musk deleted the SpaceX and Tesla pages
    • A whistleblower recently revealed that data analytics firm Cambridge Analytica harvested data from 50 million Facebook profiles 
    • The data was collected by a personality prediction Facebook app called "thisisyourdigitallife"
    • Personal data captured included profile names, locations, and information on users friends and the content they liked
    • Aleksandr Kogan, a psychology professor working with Cambridge Analytica built a personality app to capture Facebook data
    • The app captured data from 270,000 Facebook users who took the online personality quiz
    • Facebook's APIs allowed the app to collect a broad range of information about each user's friends, which was known as the "Friends Permission"
    • Since the average Facebook user has hundreds of friends, the app was able to capture data for roughly 50 million Facebook
    • Facebook claims that Kogan said he was collecting data for academic purposes but he shared it with Cambridge Analytica
    • You can disable sharing information with 3rd Party apps on the Facebook App Settings page
    • This page displays apps that are connected to your Facebook account
    • While you can disable individual apps, you can also disable the Facebook App platform which disables all access to third party apps
    • Unfortunately, it also breaks the ability to use Facebook to log in to other sites
    • Unfortunately, the data already collected is out there and there little you can do about it
    • On the heels of the Cambridge Analytica scandal, Ars Technica cited several users who discovered the Facebook app was capturing metadata about phone calls and text messages on Android phones
    • I deleted the Facebook app from my phone months ago, and have never used any of their messaging apps
    • You can also limit information collected by the Facebook website by using a browser in Incognito mode and/or using Tor
    • You can download an archive of all the information that Facebook has collected about you
    • Click the down arrow at the top of your profile then choose Settings. You will see a link that says "Download a copy of your Facebook data"
    • To disable Facebook apps or the App platform, click the down arrow at the top of your profile then choose Settings. Then click Apps.
    • Get more information from Facebook here: https://www.facebook.com/help/121070141307903 and here: https://www.facebook.com/help/211829542181913/
  • Latest Microsoft patches:
    • "Patch Tuesday" refers to Microsoft's regular releases of software updates (aka "patches" or "fixes") for Windows and other products that typically occur on the second and occasionally on the fourth Tuesday of each month
    • Microsoft (MS) has a rating system for vulnerabilities that includes the following categories: (https://technet.microsoft.com/en-US/security/gg309177.aspx)
    • § Critical
    • § Important
    • § Moderate
    • § Low
    • Critical and other updates may be released outside Patch Tuesday as necessary to address urgent vulnerabilities and flaws
    • Daily updates of anti-malware definitions are made for Windows Defender
    • The updates fix 18 flaws, 9 marked critical
    • It's very important to install these patches because the January and February patches designed to solve the Meltdown flaw created an even worse problem
    • Security researcher Ulf Frisk discovered a kernel bug that allows any process to read and write anywhere in kernel memory. Frisk said "Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse … It allowed any process to read the complete memory contents at gigabytes per second, oh – it was possible to write to arbitrary memory as well"
    • Frisk reported that the flaw affects Windows 7 x64 and Windows 2008R2 with the January or February patches
    • Frisk advised all admins and users of Windows 7 and Windows 2008R2 to install Microsoft's March patch immediately. Windows 10 and Windows 8.1 are not affected 
    • On a related note, security company Webroot has reported that Windows 10 is nearly twice a secure as Windows 7
    • You can view the full list of updates here: https://docs.microsoft.com/en-us/security-updates/SecurityBulletinSummaries/2017/ms17-mar
  • Latest Android patches
    • Google has published its March Android security bulletin outlining vulnerabilities, 9 of which are ranked "Critical" in the March 01 patch level
    • The most severe issue is a flaw in the Media framework that could allow a specially crafted file to execute arbitrary code with elevated priveleges
    • There are three other critical vulnerabilities in the Media framework that allow remote code execution or elevated privileges
    • There are four critical vulnerabilities that affect the System and allow remote code execution
    • There is one critical vulnerability that affects Qualcomm components
    • There are two critical bugs in the March 05 patch level, both affect Qualcomm components are could allow remote code execution
    • There are eight "High" vulnerabilities in the March 01 patch level. Two affect the Media framework and could allow elevation of privileges
    • The rest affect System and could allow information disclosure
    • In the March 05 patch level, there are 18 flaws ranked high. The worst can lead to remote code execution
    • Google said they have no reports of exploitation of these vulnerabilities in the field so far
    • You should check for these updates and apply them as soon as they are available for your device
    • You can read the full bulletin here: https://source.android.com/security/bulletin/2018-03-01
    • To check your version and patch level, read this: https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices
Brian Thomas

Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view. Read more

title

Content Goes Here