Google tracks you (but you can purge what they know)
Two days ago, I wrote about how Google tracks you. Please see https://wp.me/paAiP4-wh for a refresher.
Go to the Google Dashboard at https://myaccount.google.com/dashboard. Let’s just download this data. Click the Download your data link, which takes you to https://takeout.google.com. Scroll through this list of services Google thinks you use. Google checks all by default. At the bottom, click the Next step button.
I am choosing to export this data once, save the data as a .ZIP file and span my data across multiple .ZIP files when the files are larger than 2 GB. Click the Create export button.
Google reports “This process can take a long time (possibly hours or days) to complete. You'll receive an email when your ... Read More
Google tracks your activity
They've been tracking you since you first created that free Drive, Gmail or YouTube account. You can review the data Google tracks and download it. Google also lets you delete some data.
Google tracks via Gmail
Take a deep breath and visit https://myaccount.google.com/dashboard. Login if prompted.
Let’s start with the Gmail link. Google indexes Gmail contents and uses that to help determine which ads will be most interesting to us. Let’s see just how much data Google tracks.
Click the Gmail button.
Click GO TO GMAIL.
Click All Mail (on the left).
Peruse your entire mailbox.
Google reports 4,789 messages in my Gmail account. Although Google reports 4,789 messages, I see only 224 messages in my Inbox, 10 in Trash and 487 in Sent. The rest ... Read More
Remote Desktop is a big vulnerability
Maybe you use Microsoft’s Remote Desktop feature to connect to your workstation at work from…anywhere. Remote Desktop has been in Windows for 20 years at no extra cost. The network administrator at my target reviews the workstation’s logs through Windows’ Event Viewer. This screenshot is from my research honeypot.
Someone is trying to login to this virtual machine at a ferocious pace
The unlucky soul who has to read these logs finds login attempts are international. My perusal shows login attempts from five IP addresses:
211.72.1.31 in Taipei, Taiwan
24.142.48.215 in Dartmouth, Canada
87.147.195.55 in Olching, Germany
47.185.77.29 in Keller, Texas
91.234.125.163 is in Sosnicowice, Poland
Assuming it is one hacker who either employed a botnet (a series of computers simultaneously tasked with a large task) or is ... Read More
Let LastPass manage your passwords (you have other things to think about today).
We have too many passwords. Keeping track of them mentally or on Post-It notes does not work. Keeping them in a Microsoft Word document is also troublesome. If you change a password and fail to update the document, then the record becomes wrong. Next time you go to that website and use the password in your Microsoft Word document, it won’t work. You did not update the document. Let me introduce LastPass.
Several companies have solutions. I use LastPass, which lets you create a vault that holds all your passwords. You don’t have to remember what LastPass stores in the vault. You only have to remember the master password to access the vault. The ... Read More
2-factor Authentication helps protect your identity.
You should deploy 2-factor Authentication. This increases your security and reduces your chances of becoming an identity theft victim. Most services encourage 2-factor Authentication and let you deploy it at no additional cost.
Here's a quick question for you.
When attempting to access a website, the website can challenge you based on:
A) What you know (e.g. password).
B) Who you are (e.g. fingerprints).
C) What you have (e.g. phone).
D) All of the above.
Correct answer: D.
How it looks in real life.
Daisy runs a dental office in Folsom, CA. Keeping the practice up and running is her top priority. She runs most of her patient, insurance and vendor communications through her Gmail account. She deploys 2-factor Authentication with the steps at https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome. She keeps her smartphone nearby. ... Read More
Did you know your multifunction printer has its own backdoor WIFI?
Allen called me one day and said his printer was printing nonstop garbage. He wasn’t printing anything, but somebody was printing through WIFI. This print job was consuming his toner and paper. How did this happen?
I told Allen that in addition to joining your multi function printer to your office or home WIFI, you’ll find the printer broadcasts its own WIFI signal. You, or anybody close enough to the printer, can hop on that printer through that WIFI. A hacker could then cause mischief, including changing the printer’s IP addresses or printing large print jobs that consume paper and toner. I am showing you how to identify your printer’s WIFI, and how to secure it.
Assumptions
... Read More
Extortionists demand money even though no agreement made
Anyone who depends upon good public opinion can be vulnerable to orchestrated bad word-of-mouth, especially in the form of online reviews.
Podcasters are being targeted by extortionists who threaten to swamp their shows with negative reviews, according to Mark Asquith at Rebel Base Media. Asquith cites one recent case in which a scammer reached out to a podcaster on social media and offered to promote their show.
When the podcaster expressed interest, the scammer didn’t respond for several days. After that, the scammer sent a message informing the target that they’d been promoting the target’s podcast for the past few days. The scammer then demanded hundreds of dollars in payment for this supposed service. “No agreement had even been discussed, ... Read More
New Cybersecurity best practices
In December 2018, the Department of Health and Human Services (HHS) published the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. This new directive offers cybersecurity best practices that healthcare organizations of any size can implement. Originally posted by Fred Langston CISSP, CCSK at CI.Security.
I’ve been doing health industry cybersecurity for a long time, which has led to my involvement in helping to craft cybersecurity policy for the healthcare industry. One of my first experiences was back in 1996, when I was part of the working group that provided guidance on the proposed HIPAA Security Rule. That rule established certain standards for security moving forward. The resulting risk-based approach was meant to allow the vastly different types and sizes ... Read More
Water utilities are popular targets
It wasn't the first time the Fort Collins-Loveland Water District and its wastewater counterpart had been hit by "ransomware," a type of malware that encrypts victims' computer files and demands online payment to unlock them.While operations weren't harmed, the infection prompted the water district to switch out its information technology service provider and call in the FBI. The case, first reported by the Coloradoan, remains under active investigation. FCLWD and the South Fort Collins Sanitation District treat and distribute water to 45,000 customers in northern Colorado.Colorado water officials aren't alone in their cybersecurity woes. The nation's nearly 70,000 water and wastewater utilities are struggling to keep their heads above a rising tide of online threats, based on interviews with security experts ... Read More
Social engineering led to potential kidnapping
Social engineering and impersonation attacks can lead to far more dangerous consequences than monetary losses, according to Matt Devost from OODA LLC. Devost appeared on the CyberWire’s Hacking Humans Podcast last week, where he described the attacks he’s seen involving cybercriminals with fraudulent personas.
Devost described one case in which an attacker impersonated a broker and an investor to target a successful entrepreneur who was looking for funding for a new startup. Under the guise of the broker, the attacker introduced the target to the supposed investor. Now posing as the investor, the attacker conversed with the target about the company, and eventually asked the entrepreneur to fly to South America so they could meet.
“That individual is very, very close to ... Read More