Tech Friday

  • The privacy risks of the "smart" home:
    • Tech companies are selling Internet connected appliances and gadgets, many you didn't know you needed...
    • While the convenience of these devices may be tempting, they are not without substantial security and privacy risks
    • Many of these devices must listen to you at all times to respond to your commands. There have been issues with the information captured
    • Many of these devices are rushed to market with security and privacy as an afterthought. There are many well-known examples of IoT security issues
    • These devices, if not secured, can be subverted for nefarious purposes and/or can provide a conduit into your network and other devices
    • The information captured by these devices may not be properly secured by the vendor and/or sold by the vendor
    • The information collected by these devices can be used in unexpected ways, for example, subpoenaed in a divorce case
    • You can't just plug these "smart" devices in and forget them. They contain firmware and software that MUST be updated to fix bugs and plug security holes
    • Check well known sites likes CNet, ZDNet and Consumer Reports for reviews and vetting
    • Check Mozilla's Privacy Not Included site:
  • Tech support scammers have new tricks:
    • Tech support scams are a common form of cyber attack
    • Symantec reports that they have detected and blocked more than 37 million such attacks between July and October 2018 alone
    • Tech support scammers have a new tactic to beat anti-malware software
    • These scams typically begin when a user visits an infected website,  sometimes by choice, sometimes redirected by malvertising or Phishing
    • Once the user hits an infected website, they are warned that their device is infected with malware or told that their device has been blocked by law enforcement
    • In any case, they are informed that they need to make a payment to "solve" the problem
    • These attacks are getting increasingly sophisticated and complex
    • You must be extremely skeptical if you get this type of message, and you should understand that government agencies and the police won't demand payment, particularly with unusual methods such as gift cards or cryptocurrency
    • If you have any doubt about this type of warning, YOU should initiate an entirely new transaction with the purported agency to determine it's legitimacy
    • Scammers target victims the world over and Symantec's data suggests that the United States is the biggest target. You need to be aware, wary and skeptical
  • Phishing scam appears to be a real Apple support call:
    • Famous Security researcher Brian Krebs reported that Jody Westby, CEO Global Cyber Risk, received an automated call on her iPhone
    • The call indicated that servers containing Apple IDs were compromised and that she needed to immediate call an 1-866 number to address the issue
    • Anytime you get a call that asks you to call another number,  that is a huge red flag that a scam is at hand
    • In this case, the call displayed Apple’s logo, the company’s address, and its real phone number. This is an elaborately spoofed call
    • When Westby requested a call from an Apple Support representative, the fake call was displayed in the Recents list of her iPhone with Apple's number
    • The legitimate Apple agent confirmed that Apple did not contact Westby
    • The scariest part is that her iPhone could not differentiate between the fake call and a legitimate Apple call. Many people could fall prey to this scam
    • Krebs called the 1-866 number and got an automated system. Eventually a human being with a foreign accent picked up,  but he was eventually disconnected as he tried to play along with the scam
    • This was most likely an attempt to extort money
    • Always be skeptical!  See above
Brian Thomas

Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view. Read more


Content Goes Here