FFT news digest November 6 2020

Democracy and disinformation

There's one clear winner in the US presidential election and, obviously, it's not democracy. At every stage of the process, disinformation has been the unassailable victor. Social media platforms have proved congenitally incapable of controlling the flood of lies and half-truths that have poisoned the public discourse. Obvious examples are repeated false claims of victory and allegations of ballot fraud, but there has also been a dismal failure to stop attempts to incite violence. On Thursday, it took Facebook 10 hours to remove a video from Steve Bannon in which he suggested Dr Anthony Fauci and the FBI Director should be beheaded. By the time it was taken down, it had been viewed some 200,000 times. And this Twitter thread shows the clinical use of disinformation as political weapon. The election is the highest-profile illustration of the danger when disinformation leaves democracy without an agreed factual foundation. And of course this danger extends to every facet of life in the modern world. So far, the lure of social media has been irresistible, and the next four years will show just how destructive its impact can be. It's obvious that concerted, global action is needed to confront this threat but, given the lack of such a response to a worldwide pandemic, we're not holding our breath.

Threats

"The new attack surface is your life." That's the message from venture capital behemoth, Andreesen Horowitz. "Targeting users is cheap and insanely profitable," it warns. It has 16 excellent tips that sum up the basic measures that will vastly improve your security. Bravo!

Office365: A phishing campaign has adopted an inventive approach to avoid its fake web pages being flagged up as malicious. The technique involves inverting the background images on its landing pages. WMC Global

VoIP: A hacking campaign has compromised voice over internet protocol phone systems at over 1,000 companies around the world. The aim is to sell details of compromised accounts. Check Point

Amazon: Scam uses a fake order confirmation in an effort to fool victims into clicking on a link and handing over their credentials. Abnormal Security

Leavers=thievers: 63% of employees say they brought data with them from their previous employer, according to new research. Anecdotal evidence supports this (indeed it suggests the figure might be even higher). The research comes from Code42, which you won't be surprised to learn has a product to help deal with the problem.

Facial

Artificial intelligence might be rubbish at distinguishing a football from a bald head (see below), but facial recognition technology is growing ever more capable. In an example from the US, software was used to identify a Black Lives Matter protester from a photo on Twitter. Court documents reviewed by the Washington Post revealed a previously unknown facial recognition system being used in Washington DC and the surrounding region. There is ample evidence from the US and other countries that the algorithms used in such technologies are inherently unreliable, particularly when it comes to identifying non-white faces. Several US cities have banned the use of facial recognition, and Amazon, Microsoft and IBM have all suspended sales of such systems to law enforcement because of concerns over bias and lack of regulation. Meanwhile, in another glimpse of a possible future, police in Mississippi are trialling a program that allows them to use Ring and other private security cameras in their surveillance programs.

Remote risks. Part 94.

One of the issues we highlight in our cybersecurity training is the router that connects most of our homes to the internet. That's because so many of them are a horrible security risk. The fundamental problem is that manufacturers don't make enough money out of them to focus on security, and users tend to ignore them until something goes wrong. The result is that vulnerabilities go unpatched, firmware is out of date and crucial passwords are never changed from the factory defaults. It's trivially easy to identify vulnerable routers remotely, so we suggest spending a few minutes this weekend to make sure yours is as secure as possible. It's not complicated - and if your router is supplied by your information service provider, you may not have to do anything. But if you've never logged into your router, now is the time to check. You can find our guide here.

Ransomware

The UK National Cyber Security Centre dealt with a three-fold increase in ransomware attacks over the last 12 months and it says they have become more targeted and more aggressive. In its annual report, the NCSC also notes that criminals have become much more sophisticated. "Rather than simply seeking to withhold data, criminals are increasingly threatening to leak the most valuable information publicly unless the victim pays the ransom. This new trend...means that victims are at risk even if they have backed up their data, as they would not want the information published externally," it says. "Paying to delete stolen data is bonkers," warns veteran security journalist, Brian Krebs. He cites a report from Coveware that explains several companies have paid attackers only to see their data published anyway.

VPNs

People like us tend to bang on about the value of VPNs (virtual private networks) and this hasn't escaped the notice of scumbags and criminals. Security researcher, Troy Hunt, provides details of the scare tactics used by people selling VPNs and apps that theoretically block advertisements. In this case, they found a way to display a series of warning messages designed to persuade iPhone users to download an app called Owl Adblock. This is an intriguing product, not least because its developers appear to be a car repair company in London. Meanwhile, 10BestVPN warns that free VPNs are leaking the personal details of users and may be compromising their devices. As always, there ain't nothing free on the web.

In brief

USB: Tax returns, contracts and bank statements were among 75,000 "deleted" files recovered by researchers as part of an investigation into the risks of selling used USB drives over the internet. Abertay University

ICO: Nearly £2 million in fines issued by the UK data protection regulator haven't been paid. That's 68% of fines announced since January 2019, up from 42% since this time last year. The SMS Works

Brave: Usage of the privacy-focussed web browser rose by 130% in the past 12 months, its developers said. Coincidentally, questions were raised this week over how Google uses data from its reCAPTCHA (human verification) service. The Register

Impulse control: Impulse Blocker is an extension for Firefox designed to help us control any inclination to delve into Facebook or doom scroll through the latest horrors on Twitter.

GPS: Scary story of the week. Commercial airline pilots say GPS outages are now a standard occurrence on flight routes between North America and Europe and the Middle East. Fortune

Hacker fail: Global consultancy Deloitte created a website to 'test your hacker IQ'. Unfortunately, it had a problem. Specifically, it exposed usernames and passwords (in cleartext) because of a configuration mistake. Tillie Kottman

Typing: Wow! Researchers have found a way to work out what video conference participants are typing by analysing the movements of their shoulders and arms. Tech Xplore

Balls up: Coverage of a Scottish football match provided a glorious demonstration of the limits of artificial intelligence. The AI-controlled camera was supposed to track the football automatically. Alas, it proved incapable of distinguishing between the ball and the bald head of a linesman, to which it was irresistibly drawn. Pure joy. YouTube

Updates

Windows 10/Windows Server: More than 6 months after an update was released, over 100,000 computers remain vulnerable to an issue known as SMBGhost. Research shows how easy it is to identify affected devices. If you haven't, update now!

Apple: iOS and iPadOS 14.2 and macOS 10.15.7 fix multiple issues, including three 'zero-day' issues that could allow devices to be controlled remoted and are being actively used.

Apple: As we reported last week, the release of new MacBooks and the Big Sur operating system looks like it will happen next week.

WordPress: A chaotic set of updates began with a critical security release and culminated with two further versions which were needed to fix errors with the preceding ones. Latest release is 5.5.3.

Chrome: Updates to address multiple serious vulnerabilities in desktop and mobile versions. The issues are being actively exploited.

Adobe: Emergency updates for Acrobat and Reader to fix 14 issues, four of them 'critical'.

WhatsApp: Facebook is rolling out a feature which will allow users to mark messages (including photos and videos) so that they disappear after 7 days.

Trend Micro: Update addresses several vulnerabilities in InterScan Messaging Security.

Subscribe to receive the digest by email

Full Frame Technology

What we do 
Who we are 
Need to know
Privacy Notice
Website terms

Address

152-160 City Road
London, EC1V 2NX

Contacts
Email: info@fullframetech.com
Phone: +44 (0) 20 3290 2205
Support: +44 (0) 20 3290 2207

Company registration no. 10243217

© Copyright 2021 Full Frame Technology - All Rights Reserved