Tech Friday

posted by Brian Thomas - 

  • Microsoft July 2018 patches fix 50+ vulnerabilities:
    • "Patch Tuesday" refers to Microsoft's regular releases of software updates (aka "patches" or "fixes") for Windows and other products that typically occur on the second and occasionally on the fourth Tuesday of each month
    • Microsoft (MS) has a rating system for vulnerabilities that includes the following categories: (https://technet.microsoft.com/en-US/security/gg309177.aspx)
      • Critical
      • Important
      • Moderate
      • Low
    • Critical and other updates may be released outside Patch Tuesday as necessary to address urgent vulnerabilities and flaws
    • Daily updates of anti-malware definitions are made for Windows Defender
    • Microsoft’s July patch includes 14 updates to correct more than 50 security flaws across 15 Microsoft products including Windows, Edge, Explorer, Office and the .NET Framework
    • 17 of these vulnerabilities are ranked "Critical" and can result in remote code execution
    • 34 are rated "Important", one is rated "Moderate" and one is rated "Low"
    • Microsoft also provided patches for Flash
    • Qualys reported the critical fixes all apply to vulnerabilities in Internet Explorer and Edge
    • Adobe also released many patches covering many Adobe products
    • Vulnerabilities in Acrobat, Reader, and Flash have been marked as critical
    • It's a good idea to apply these updates as soon as possible
    • It’s also a good idea to back up your system before applying updates
    • Learn more here: https://portal.msrc.microsoft.com/en-US/security-guidance
  • Homographic domains foster Phishing scams:
    • Homograph: "a word of the same written form as another but of different meaning and usually origin, whether pronounced the same way or not" - Dictionary.com
    • Cybercriminals are registering domain names with characters other than Basic Latin, but which look very similar to well-known, legitimate domain names
    • These are known as Internationalized Domain Names (IDNs). IDNs facilitate a multi-lingual Internet
    • In many cases, fake domains are very difficult to distinguish from legitimate domains, leading to users who become victims of various forms of cybercrime
    • Farsight Security reported that for every 1 top brand there are nearly 20 homographic IDNs registered
    • IDNs leverage something known as Punycode transcription
    • Uber Hacker Kevin Mitnick's company KnowBe4 provides this example: ameriсanexpress.com
    • It looks harmless, but has one critical flaw: the "c" is actually the Cyrillic character for "s". When you click the link, you will not go to American Express
    • To avoid falling prey to these scams:
      • Be extra vigilant when clicking unsolicited links
      • Mouse over each link and carefully examine the status bar to see where the link points
      • Use an email scanner based on domain reputation
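
One way to check a link's hostname for the lookalike trick described above, as an added example that is not part of the original post. It decodes Punycode (`xn--`) labels, lists every non-ASCII character by its Unicode name, and flags labels that mix scripts; the function names are illustrative, and Python's built-in `idna` codec (IDNA 2003) is used for the conversion.

```python
import unicodedata

def scripts_in(label):
    """Scripts used by the letters of one DNS label, approximated by the
    first word of each character's Unicode name (LATIN, CYRILLIC, ...)."""
    found = set()
    for ch in label:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found

def to_unicode(hostname):
    """Decode any xn-- (Punycode) labels so the check sees the real characters."""
    if hostname.isascii():
        return hostname.encode("ascii").decode("idna")
    return hostname

def to_punycode(hostname):
    """ASCII form that is actually looked up in DNS."""
    return hostname.encode("idna").decode("ascii")

def check_hostname(hostname):
    """Report non-ASCII characters and mixed-script labels in a hostname."""
    unicode_host = to_unicode(hostname.lower())
    findings = []
    for label in unicode_host.split("."):
        scripts = scripts_in(label)
        odd = [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in label if ord(ch) > 127]
        if odd:
            findings.append({"label": label, "scripts": sorted(scripts),
                             "mixed_script": len(scripts) > 1, "non_ascii": odd})
    return {"unicode": unicode_host, "punycode": to_punycode(unicode_host),
            "suspicious": any(f["mixed_script"] for f in findings),
            "findings": findings}

# Constructed samples: the page's example with U+0441 written as an escape,
# next to the all-Latin spelling.
LOOKALIKE = "ameri\u0441anexpress.com"
GENUINE = "americanexpress.com"

if __name__ == "__main__":
    for host in (GENUINE, LOOKALIKE, to_punycode(LOOKALIKE)):
        result = check_hostname(host)
        print(host, "->", result["punycode"], "suspicious:", result["suspicious"])
        for f in result["findings"]:
            print("   ", f["scripts"], f["non_ascii"])
```

A label written entirely in one non-Latin script is not mixed-script, so it is not marked suspicious here; its characters still appear in `findings` for review.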
  • Facebook’s facial recognition push alarms privacy experts:
    • Chicago resident Carlo Licata didn’t realize that every time he was tagged on Facebook, his digitized face was stored in Facebook's massive Facial Recognition (FR) database
    • Facebook's FR works by scanning faces of unnamed people in photos or videos in an attempt to match them to a database of named people
    • Facebook has said: "You control face recognition"
    • Privacy experts have warned that Facebook scans the faces in photos even when FR is disabled
    • "Facebook tries to explain their practices in ways that make Facebook look like the good guy, that they are somehow protecting your privacy" said Jennifer Lynch from the Electronic Frontier Foundation
    • Lynch went on to say "But it doesn’t get at the fact that they are scanning every photo"
    • Licata sued Facebook in 2015 as part of a class action lawsuit filed in Illinois
    • The lawsuit was granted class action status in May of this year and could cost Facebook billions
    • The ongoing lawsuit accuses Facebook of violating a strict Illinois law that prohibits collection of biometric data without permission
    • Facebook spokesperson Rochelle Nadhiri said Facebook's process analyzes faces in users’ photos against those who have FR enabled. If a match is not found, the facial data is deleted
    • Facebook has argued that the Illinois law doesn’t apply to them
    • At the same time, Facebook has been working hard to ensure that other states don't enact laws similar to the Illinois law
    • Why? Allied Market Research forecasts that the FR market will grow to $9.6 billion by 2022
    • Proponents view FR as a high-tech tool to catch criminals; civil liberties experts warn of surveillance
    • While many of these companies oppose new privacy legislation that protects consumer data, privacy advocates point to Facebook as especially aggressive in opposing all forms of privacy regulation, and we're well aware of recent Facebook privacy scandals
    • At present, there is no federal law that regulates biometric data
    • In 2015 the Government Accountability Office said "privacy issues that have been raised by facial recognition technology serve as yet another example of the need to adapt federal privacy law to reflect new technologies"
    • Facebook claims they won’t ever sell user data. But they can monetize facial recognition in other ways
    • Facebook is working on advanced technology that can identify people even when their faces are obscured 
    • Facebook is working to analyze photographs using artificial intelligence to learn about users’ hobbies, preferences, and interests
    • This could be used to deliver ads. For example, a user in a boating photo could be sent ads for boating equipment
    • Larry Ponemon from the Ponemon Institute said "The whole Facebook model is a commercial model, gathering information about people and then basically selling them products"
    • Facebook has filed patents on delivering ads based on users’ facial expressions
    • Many privacy and technology experts are warning about this technology. Joseph Atick, one of the people who helped develop the technology said "It pains me to see a technology that I helped invent being used in a way that is not what I had in mind in respect to privacy"
    • Lawmakers at the Federal and state level are beginning to pay attention. Former Congressman Jason Chaffetz (R-UT) warned facial recognition “can be used in a way that chills free speech and free association by targeting people attending certain political meetings, protests, churches or other types of places in public.”
    • Lawmakers at all levels are being lobbied hard to prevent new protections
    • If you're not paying with money, you're paying with data. In this case, your face
    • There is more detailed information here: https://www.epic.org/privacy/ftc/facebook/facial-recognition2018/