In The News‎ > ‎

News Digest (long post)

posted Jan 7, 2015, 9:00 AM by Craig Cox   [ updated Jan 8, 2015, 7:26 AM ]
Welcome back!  I hope everyone had a happy holiday break, as well as a secure one.  Lots of news has piled up in the in-box; here is just a sample:

Security Intelligence gives an analysis of why anonymity apps aren't all that anonymous, and can be harmful.

On a somewhat related note, the lookout blog analyzes a Google Play (Android) app that pretends to protect your private information -- and then steals it.  So far, this has hit mostly foreign users (primarily the Sudan), but the advice at the bottom about downloading only reputable apps from official web stores is still perfectly valid.

Malwarebytes predicts an increase in fraudulent tech support pop-ups on Mac computers.  Apple products can be compromised too!

Also from Malwarebytes, a warning about a fake Flight QZ8501 video spreading on Facebook.  This is typical of scammers; any big headline disaster will usually be followed by links to "shocking" video, or to phony charity donation sites.  (Update:  This likely includes the Charlie Hebdo attack in Paris.  Watch out for the scams!)

Related:  CNN covers the Facebook legal disclaimer hoax (link includes video).

Yesterday (January 6) TV station WBOC in Salisbury had their web site and Twitter account compromised.  They don't provide any analysis of how the compromise took place; in the absence of any such information, I'll simply plug the use of stronger passwords.  Ten characters that aren't dictionary words (in any language) are best.  I give a 40-minute seminar on this, free to students, faculty and/or staff.  Email me for details.

All this, of course, is just the tip of the iceberg.  Here is a very brief recap of your best defenses:
  • Be skeptical of anything strange, shocking, or too good to be true -- whether in email, social media, or text messages.
  • Keep good backups.
  • Keep your devices patched and up-to-date.
  • Always use antivirus on your devices that can run it.  Keep the AV up-to-date.
  • Use strong passwords.
  • If you have doubts or questions related to a college account or device, contact your ISO or your campus help desk!
With the logjam mostly cleared, I'll start putting future news and analysis back into separate articles.