A 2013 whitepaper published by security firm Fortinet provides eye-opening details on the increasingly well-organized world of cybercrime that now features standardized pricing, polished branding, affiliate networks and zombie armies that can be rented for as little as $15/hour. Depending on the size of the botnet army, an incredible amount of damage can be done in an hour, making this one hell of a deal if your business is exploiting security flaws and stealing identities. Criminals have noticed the huge upside to cybercrime and, like they have always done, wasted no time investing big dollars and resources in this new “industry.”
What this means for you:
Overall, it’s unlikely criminals are outspending the big companies in the cyber arms race, but it’s almost a certainty that they are outspending and are better “armed” than most small and medium-sized businesses, especially ones that can’t (or won’t) afford the necessary investment in preparation and security. The most important thing you can do as a business owner that uses technology for any aspect of your business is ensure that you are taking the appropriate precautions and making the right security investments in your technology platforms. Keep in mind this doesn’t stop at buying hardware and software, but also includes training your employees as well as holding your vendors accountable for security as well.
Image courtesy of chanpipat / FreeDigitalPhotos.net
It might be the last day of 2012, but there’s still time to issue yet another patch to fix a zero-day exploit in Microsoft Internet Explorer 6, 7 and 8. Confirmed on Saturday by Microsoft, this patch fixes a vulnerability in all versions of IE prior to v9 that may allow hackers to gain control over a victim’s machine. This latest weakness is likely to be exploited when a computer using one of the versions of the aforementioned browser visits a malicious website, allowing it to run code that can corrupt the memory on the victim’s computer and from there execute malicious code as the logged in user, potentially resulting in backdoor installations, malware infections, and zombification.
What this means for you:
It’s conceivable you are still running IE 8 which was released in 2011, so you may be affected by this weakness. If you are running IE7 or, impossibly, IE6 (it was released in 2001 – over 10 years ago!), I’d say you are better off upgrading to the latest version of IE you can reasonably run on your computer, and then making sure it is patched appropriately.
Holidays usually bring out the best in people, especially those who truly are kind-hearted and enthusiastic about the season, but it’s also an opportunity for the Grinches among us to take advantage of everyone around them. E-cards aren’t new to the internet, and may have actually waned in overall popularity since their inception many years ago, but the winter holidays usually see a spike in their usage. Internet blackhats know this trend, and ironically, it’s like Christmas for them, because they know they can trick more than the usual number of people into opening fake greeting cards that instead of delivering cheer and love, drop a big helping of malware coal in your digital stocking.
What this means for you:
Frankly, I verge on the side of paranoia, and and don’t open any digital greeting card these days unless I recognize the URL (and confirm it’s not a counterfeit). This makes me feel vaguely Scroogish, but I’d rather not spend the holidays disinfecting my computer. If you get a E-card from someone that you weren’t expecting, especially if it’s from someone you know wouldn’t send one (or they already sent you an actual physical greeting card), take a moment to contact that person to verify they actually sent it, especially if you don’t recognize the URL. Heck, it could be your opportunity to reach out to someone you haven’t spoken to in awhile, and there’s no better time like the holidays to reconnect with acquaintances, right?
If you do decide to open that virtual card, make sure your antimalware is up to date, your operating system fully patched, and you have C2 Technology on speed dial!
Image courtesy of “mrpuen” / FreeDigitalPhotos.net
Responding to a maelstrom of criticism, Instagram announced today that they plan to withdraw the proposed Terms of Use changes that sparked outrage across the internet yesterday. According to co-founder Kevin Systrom, Instagram never had any intent to monetize user photos without fairly compensating the photographer, and they are working to revise the TOU wording in a manner that is less confusing and less likely to start a another protest/boycott. Ironically, other sources have pointed out that the outrage was ill-informed at the start, and as things are wont to do on the Internet, spun out of control, perhaps unfairly so for Instagram.
It would seem that Instagram has always had the right (according to their current TOU) to monetize your content, and that the withdrawn change actually narrowed the rather broad terms users agreed to previously. I’d publish a full mea culpa on this, but the point of my previous article was more to point out the icky terms governing the use of photos that contain minors, as well as the very vague terms that assume minors are using Instagram with implicit parental consent. I understand it’s hard to police the use of free apps, especially when parents are noticeably absent with respect to knowing what their kids are doing on their personal media devices, but that seems like a cop out.
What this means for you:
My stance on the exploitation of minors for profit still stands: It’s icky. If you are a company like Instagram that is bound to feature content containing images of minors, you need to be much more careful how you glad-handle parents. As for jumping on the rage bandwagon yesterday:
Dear Instagram,
I’m sorry for assuming you suddenly became evil. You aren’t evil, but maybe you were too cavalier with your current Terms of Use, and you let too much of your Facebook allegiance shine through in your proposed changes. Please don’t be icky, and please don’t treat your users like a prize crop, even though they may act exactly as that. I’m sorry I didn’t take the time to read your lengthy and lawyered-up TOU to find out the truth that you had us by the throat from the get go, and I’m even more sorry that we willingly (through our own ignorance/apathy) let you.
The eagle-eyed internet has caught another dotcom company looking to cash in on its popularity (and recent integration with Facebook): starting on Jan 16, 2013, Instagram will be using a new Terms of Service agreement that allows it to use any content posted publicly to its service for marketing purposes.
“To help us deliver interesting paid or sponsored content or promotions, you agree that a business or other entity may pay us to display your username, likeness, photos (along with any associated metadata) and/or actions you take, in connection with paid or sponsored content or promotions, without any compensation to you.”
Also important: this not only applies to users who have an account with Instagram, but also anyone’s likeness that appears in a user’s publicly posted photos can also be used as such. Wait, we’re not done: if you are a minor and you’ve accepted the new TOU, you acknowledge that your parent/guardian is aware of the TOU and tacitly accepts the above.
What this means for you:
If you aren’t in the business of making money off your likeness, or your subjects aren’t celebrities, or if you don’t care that Instagram/Facebook might make some money off your own likeness, then carry on. However, if you happen to care how your children’s likeness may be exploited, you may want to ask any snap-happy smartphone users to not post pictures of your children onto Instagram, or at minimum, make them aware of these TOU changes. You may be surprised at how many people aren’t aware of Instagram’s control over the content they think they own, and doubly surprised at the number of people who don’t care that they may be providing profit for company’s that provide free services.
Bernard Meisler of ReadWriteWeb has put together an interesting article on a curious phenomena occurring on the world’s largest social network, Facebook: people “liking” things that they definitely don’t like, and even scarier, dead people “liking” things, apparently from beyond the grave. In short, Mr. Meisler after noticing some out-of-character “liking” behavior among his friends, did an informal poll and discovered that many of them found “likes” in their history that they don’t remember making, and some of them so at odds with their own personal beliefs as to be outright offensive, ie. a dedicated vegetarian “liking” the McDonald’s Facebook page.
Facebook, of course, denies that this is possible (except that it seems it is possible), and in the case of folks who are still alive (and presumably in control of their own Facebook accounts) attributes the anomalous “likes” to either pilot-error or a forgotten action. In the case of those who have passed on, apparently if the deceased’s page is not “memorialized”, Facebook can still dredge up past history and “refresh” their stream to simulate (and presumably stimulate) activity. I personally witnessed this on the account of a friend who recently passed the previous year, so it definitely does occur.
What this means for you:
Check your Facebook history, specifically your “Likes” history. This can be done by clicking your name in the upper right of the Facebook interface, and click the “Activity Log” button on your page. See any pages you don’t remember liking? If you do, let us know!
Yesterday, the internet experienced a moment of apocalypse angst when Gmail users around the world (including C2) experienced a variety of issues getting email. Lasting roughly 40 minutes, users experienced complete outages, slowness and, if they were using Chrome with browser syncing enabled, outright application crashes. It turns out, rather than being able to blame ancient prophecies, Google fingered one of their own as the root source of the problem.
What this means for you:
Cloud nay-sayers may have had a brief moment in the sun while Gmail was on the ropes, but the fact remains that it’s still a very reliable service. Several lessons may be learned from the experience, all of them common sense:
- If your critical business practices rely on a free email service being available all the time, everywhere, you may want to re-evaluate those practices.
- When making adjustments to your business infrastructure, always double-check your work, and make sure you have a backup of your data.
- When technology fails, 9 times out of 10, a human is behind the failure.
Last week, Facebook opened up a vote on its usage and terms policies that included in the changes the removal of user pivilege of voting on future changes to said policy. In order for the user vote to be binding, 30% of Facebook’s user population (approximately 300 million users) needed to cast a vote in either direction. In the “Surprising No One” column, only 700,000 votes were cast (about .06% of the total population), and even though the vote was overwhelmingly against the changes, Facebook only needs to take that result under advisement, in other words, “Thanks for your opinion, we’ll do what we want.”
What this means for you:
Most of Facebook’s user base probably had no idea they had any influence over the policies that affect how they use, and are used by, Facebook, who went so far as to notify everyone about the upcoming vote via email. Even though they provided an easy to use link, an even easier to use app to vote (you didn’t even need to leave the confines of Facebook!), most of the world couldn’t be bothered to care about this change. It’s true, as mentioned in my previous article on this, Facebook allowing its userbase to weigh in on policy change is extremely unusual. As a result of the lack of interest, Facebook will become like the thousands of other internet companies who make changes to their terms of use without asking their users permission, and internet citizen self-governance takes another step backwards in favor of convenience and “free” services.
We’ve already seen way too much of some politicians and celebrities on the internet, but it seems human foolishness knows no bounds where the internet is concerned: sharp eyes have spotted a trend of people posting things like driver’s licenses, debit cards and other items with sensitive personal information in plain view on the internet through services like Twitter and Instagram. The reasons for posting these images aren’t immediately clear – and frankly, there isn’t a single logical explanation that doesn’t make these folks out as complete fools.
What this means for you:
In case you aren’t clear as to why this is a bad, bad thing – posting your sensitive personal information on the internet is tantamount to building a gigantic neon sign over your head that says, “Steal my identity, please!” To all the people who are doing this – STOP. Put down your smartphone (ironic, eh?) and step away from the internet. Go stand in the corner and put on that funny, pointed cap. Congratulations, you’ve just earned the Dunce of the Year!
Parents – if you have a teenager with their own smartphone and they’ve just earned their driver’s license or their own credit card, make sure they aren’t taking a picture of that shiny new card and posting it on the internet to brag to their peers. It might be a good time for a little security chat – and will be a lot more comfortable than that other chat you’ve been putting off for awhile now, right?
Facebook is taking a less than transparent approach in its latest governance vote by asking users approve changes to their usage and terms policies that revokes the privilege to vote on future changes to that usage and terms policy. The questionable part is that they are burying that change in the monstrous pile of legalese that is the overall “Statement of Rights and Responsibilities” and “Data Use Policy”.
Are they hoping that no one is paying attention and will happily vote away their ability to provide input on future changes? If typical human behavior demonstrated in skipping past the “fine print” is any indication, they would have been mostly right. However there are still plenty of digital activists and internet watchdogs scrutinizing Facebook. Their eagle eyes have spotted the change and got the mainstream media to splash it all over the internet.
What this means for you:
If you don’t use Facebook, you can’t vote. If you do use Facebook, you should go vote and let Zuckerberg et al. know that you care about your digital rights and want to have a say. Unless 30% of the Facebook population show up to vote, Facebook only has to take the decision (regardless “yea” or “nay”) as “advisory” and will adopt the new changes, removing your ability to vote on future changes. The fact that Facebook allows a vote at all is a bit of a rarity in the internet service realm, and countless legal arguments have surfaced over whether “Terms of Use” policies that many of us blithely click “I Agree” to in order to get to the good parts are even enforceable. But don’t let that lead you to an apathetic stance – Facebook’s position as the largest digital consumer service in the world puts it in the limelight for security and user rights, and as such, it should be trying to empower its users, not abrogate their freedoms.