Private Data in the Digital Age

Former U.S. spy agency contractor Edward Snowden is wanted by the United States for leaking details of U.S. government intelligence programs

Former U.S. spy agency contractor Edward Snowden is wanted by the United States for leaking details of U.S. government intelligence programs

In a scenario where someone has a file of information stored on a private server with the intent to keep it private, is it ever justified for someone else to expose a security flaw and post the information anonymously on the internet? There exists a fine line where “It depends” on the scenario. But this classification simply does not do the case justice as there are extraneous circumstances where this kind of theft and distribution is justifiable.

One such case is whistle-blowing. Edward Snowden is still a man of much controversy. Exiled for leaking sensitive government documents, some label him a hero, others a traitor. Snowden was former Special Forces and later joined the CIA as a technology specialist. He stole top-secret documents pertaining to the National Security Agency and FBI tapping directly into the central servers of leading U.S Internet companies to extract personal data. Snowden leaked these documents to the Washington Post, exposing the PRISM code, which collected private data from personal servers of American citizens. This program was born out of a failed warrantless domestic surveillance act and kept under lock and key to circumvent the public eye. Americans were unaware and alarmed by the breadth of unwarranted government surveillance programs to collect, store, and search their private data.

Although Snowden illegally distributed classified information, the government was, in effect, doing the same but with personal data of its constituents. I would argue that Snowden is a hero. He educated the American people about the NSA overstepping their bounds and infringing upon American rights. Governments exist to ensure the safety of the populace, but privacy concerns will always be in conflict with government surveillance and threat-prevention. The government should not operate in the shadows; is beholden to its people, and they are entitled to know what is going on.

The United States government charged Snowden with theft, “unauthorized communication of national defense information,” and “willful communication of classified communications intelligence information to an unauthorized person.” The documents that came to light following Snowden’s leaks only pertained to unlawful practices, and did not compromise national security. Therefore, it appears as though the government is trying to cover up their own mistakes. Perhaps this is most telling in one of Edward Snowden’s recent tweets :

“Break classification rules for the public’s benefit, and you could be exiled.
Do it for personal benefit, and you could be President.” – @Snowden

This commentary on Hillary Clinton shows that in the eyes of the government who is right and wrong changes on a case to case basis. In many ways, Snowden’s case mirrors Daniel Ellsberg’s leak of the Pentagon Papers in 1971. The Pentagon Papers contained evidence that the U.S. Government had mislead the public regarding the Vietnam war, strengthening anti-war sentiment among the American populace. In both cases, whistle-blowing was a positive force, educating the public about abuses happening behind their back. While in general practice, stealing private information and distributing it to the public is malpractice, in these cases, the crime of stealing was to expose a larger evil and provide a wake-up call for the general population.

Alternatively, in the vast majority of cases accessing private files via a security flaw is malicious, and the government should pursue charges. While above I advocated for a limited form of “hacktivism,” it was a special case to expose abuses by the government which fundamentally infringed on rights to privacy. In almost all cultures, religions and societies stealing is recognized as wrongdoing and should rightfully be treated as such. Stealing sensitive information and posting it online should be treated in a similar manner. Publishing incriminating files about someone else online can ruin their life chances. For example, during the infamous iCloud hack, thousands of nude or pornographic pictures of celebrities were released online. This was private information which the leaker took advantage of for personal gain. For many female celebrities it was degrading and humiliating. Therefore, the leaker responsible for the iCloud leaks was not justified in  taking and posting the files. While the definition of leaking sensitive information for the “common good” can be in itself a blurred line, but a situation like the iCloud leak evidently did not fit in this category. Hacking Apple’s servers to access and leak inappropriate photos can only be labeled as a malevolent attack on female celebrities, which could have potentially devastating repercussions for their career.

While the iCloud hack was a notorious use of leaking private data in a hateful way, there are more profound ways which posting private data can destroy someone’s life. Most notably, stealing financial information and identification (such as SSID) can have a huge, detrimental effect on someone’s life. My grandmother was a victim of identity theft, where someone she knew and trusted stole her personal information and used it for personal gain. This same scenario plays out online constantly and can drain someone’s life savings, reduce their access to credit and loans, and leave them with a tarnished reputation. Again, we draw a line between leaking something in the public’s interest and exposing a security flaw for the leaker’s benefit. By gaining access to personal files, hackers could wreck havoc and destroy lives. Obviously this type of data breach is unacceptable, and cannot be justified.

Overall, taking sensitive material and posting it anonymously online can generally be regarded as malpractice, however, their are exceptions such as whistle-blowing where the leaker is doing so for the common good. These cases are far and few between, and the “bad cases” have harming repercussions which can follow someone throughout their life. Ultimately, to recall Snowden’s case, everyone has a right to privacy. This is why someone leveraging a security flaw and posting files online is wrong from the get go, because it supersedes personal secrecy. In an increasingly digital world it is difficult to keep anything private, but everyone has a fundamental right to privacy which should not be disrespected or infringed upon.

Physical Security is Important Too

Although Cyber Security Awareness month is over, that doesn’t mean you can forget to lock your computer. One should always remain vigilant to protect their personal data. One aspect of security that is often overlooked by most people is physical security; the protection of the devices themselves.

On an individual scale, physical security is as simple as not leaving your phone/laptop/tablet unattended in dining halls or the library. If you must leave your laptop, be sure to lock your screen and get a laptop lock. A quality lock can be had for around $20 and is well worth the cost when compared with the cost of a new laptop, and losing any data you don’t have backed up. Also consider that many people store their passwords in their browser such as Google Chome’s auto-fill feature. While this is convenient for the user, if someone steals your laptop and is able to log in, they now have access to all of your online accounts.

One might argue, “Isn’t that the point of having a login password on my computer?” and they would be correct. But there is a saying in the security industry: Physical access is total access. This means that once someone has your device in their hands, they can do whatever they want given enough time. That is why in professional industry, security conscious businesses will have security experts conduct a “penetration test”. A security expert will go unannounced to the office being tested and try to circumvent the security in place at the office. This can be in the form of lock picking, social engineering (i.e. “look like you belong”), or simply finding an open door. Once the expert (or an actual criminal) is inside, they now have physical access to the company’s computer systems and data. From there, they can install key logging or other data gathering software, or simply steal encrypted hard drives to be broken into later.

While having a strong password is a good start to keeping your data secure, the importance of physical security cannot be overstated. One should always take precautions to prevent others from gaining access to their computer in any and every way possible.

Quick Tips: Remembering Complex Passwords

password_strength

This XKCD comic notes a popular strategy to password security, using a series of words rather than a single word with special characters. But is this the best way to come up with a secure password that you can remember? Depending on what you create, the password may still not be very secure if it is low in complexity and the words you chose include common words like “password” or “umass”.

But remembering random letters and numbers is difficult, and might cause you to find yourself writing down passwords or forgetting them entirely. Another strategy is to come up with a phrase of words, like “correct horse battery staple”, but then only use certain letters. If you only think of the phrase in your head, and then use something like the first letter and last letter of each word, you keep the ease of remembering a simple phrase, but now have “cthebyse” in your password. Adding some special characters to this will make a very strong password.

Longer passwords are even better, so if you can come up with a scheme like this for a long phrase, your password will be even stronger. “Mary had a little lamb its fleece was white as snow” is easy to remember, and the first letter of each word produces “mhallifwwas”.

You won’t find this in a dictionary attack, and recalling this complex string as you type it out is as easy as remembering the lyrics in your head. Just make sure you add any special character and case requirements to the password, and you’re good to go!

Reference:
Monroe, Randall. “Xkcd: Password Strength.” Xkcd: Password Strength. N.p., n.d. Web.
…..17 Nov. 2016.

Securing Your Online Services

Securing your online services

With more and more of our lives happening online, it’s super important to protect all of your personal information with secure passwords. Your personal information is probably stored across a wide variety of social media, Google, banks, and other sites that contain information you would not want to fall into the wrong hands.

There are several different aspects to making sure your passwords are protecting you as much as possible. This post will serve as an online security audit so that you can go through your online services and secure yourself as much as possible

Step 1: Securing your email

Your email account is the most important account to secure. If someone has access to your email, then they can view all of your personal personal information within those messages. Your main email account is also used for password recovery for every other account that you have, so if they get into your email, theres no stopping them from getting into your Facebook, Google, and banking information.

The first place to start is making sure your email has a very strong password. We will get into generating strong passwords later in the article, but your email account should definitely be one of the stronger ones. This is the first line of defense against people trying to enter into your email.

Step 2: Two-Factor Authentication

The basic premise behind two factor authentication
The basic premise behind two factor authentication

After you get setup with a strong alphanumeric password, the next step is to turn on Two-factor authentication (sometimes known as two-step authentication). This system adds an additional layer of security to your account by requiring you to have your phone or another device in order to get into your account. There are various implementations of this system, but it generally works by receiving a text message with a code that you enter after you enter your password. This code expires after 30 seconds, so even if someone was able to steal this code, it would be useless after 30 seconds.

The whole idea of multi-factor authentication is that you need both something you know (your password), as well as something you have (your phone) in order to access your account. Some security systems even add another factor such as a finger print or iris scan in order to access an account or area. You can find out which services you use have two factor authentication here.

Step 3: Using a password manager

1Password is one of the most popular password managers, especially for Mac and iOS devices
1Password is one of the most popular password managers, especially for Mac and iOS devices

Earlier I said that one of the best ways to secure your email was with a strong password. The best passwords are those that are long, random, and include a variety of letters, numbers, and symbols. Equally important is using a different password for each service. Many people use the same password across all of their logins. This means that once someone gets that password, they can basically access your entire life online. A password manager facilitates both of these goals by generating strong passwords, and then storing them securely so you never have to remember what they are.

Password managers are very good at generating random passwords for you to use. Most of them have build in generators that allow you to customize parameters such as length and what types of symbols you want to use. I would recommend creating the longest password possible for the most security.

Note that for some reason, certain services implement a maximum length for passwords. For these services, you will have to limit the length to what the service allows.

The second part, and perhaps the more useful part, of a password manager is that it stores all of them. As a user, all you have to do is remember one master password that allows you to access the password manager. The password manager stores all of your login information in an encrypted database that unlocks with your master password. Both 1Password and LastPass have browser extensions that will enter in your information when you come across a login page for a given service. Since you basically never have to type in your passwords manually, this means that you can make them longer and more secured. The only password you ever have to remember and type out is the one that unlocks your password manager vault. And even on devices such as your iPhone, you can set it to unlock with your fingerprint, so you never have to type in any passwords.

LastPass's Browser Extension
LastPass’s Browser Extension

Conclusion

So much of your data is stored online, that it’s dangerous not to protect it to the best of your ability. For most people, there is a tradeoff between security and convenience. Its so much more convenient to have the same password across multiple services. This is easy to remember, plus its easier to type in since these passwords are normally short and something relatable, such as a pet name or some combination of initials and a birthday. But these same elements that make it easy to log in yourself also make it easy for hackers gain access. If your password is something easy to guess, then they don’t even have to brute force their way in.

The steps outlined in this post will help you to maximize your online security, while still holding onto the convenience that we desire as end users. A strong email password is the root of your security strategy, as this helps to prevent hackers from gaining access to all your accounts when they compromise one. Two factor authentication means that even if someone gains your password, they still won’t be able to enter your account unless they get your phone. Finally, a password manager will allow you to have strong passwords while having the convenience of a single password.

Free is Never Free: Protect Yourself and Ensure You Never Pay

The Virtual market place is one unlike any other in the world. Never before has there been such vast and widespread access to the goods and services found online. Before, answering questions meant buying books. Listening to music meant purchasing albums.  Contacting friends and family meant paying for paper and postage, or putting coins in a payphone. You get the point. Limitless abilities and possibilities are immediately accessible by anyone with an internet connection, and most of the time, its free. Or is it?

Currency 2.0

This vast access to free services on the internet is one many our age take for granted. But what is not immediately obvious is that free is rarely free; Information is the new currency. Companies big and small, righteous or malicious, will pay big bucks for user data. Has a free game or app ever asked for you to sign in using your FaceBook Account? When you agree to this, you are providing the company with information about your age, likes, friends, etc, so that they can serve targeted ads and track usage and spending habits.  What’s nice is that large companies, will ask for permission to trade this information for your use of their service. But what about when they don’t?

Malware, Spyware, PUP, Oh My: How Your Own Computer Can Be Used Against You.

Lets conduct an experiment. We are the typical internet user, and we are interested in streaming tonight’s Hockey Game. So we google it: Free live Hockey Stream. We click the first link we find!
scrot2
scrot1
We can stream totally for free if we just install what the huge LIVE HD STREAM button takes us to! Or not. Lets read the permission we are about to give software we’ve never used before:

  • Read and change all your data on the websites you visit.
  • Change your search settings to sports.searchalgo.com
  • Change your privacy related settings.
  • Stream your favorite team’s game for free!

What will this extension do? Redirect your searches through their own advert riddled search engine, create their own advertisements on the sites you try to visit, and finally, collect and sell your usage data, and for free at that.

Using Protection and Getting Checked: Mom Would Be Proud

So free isn’t always free, and not every where on the internet is friendly. How do we navigate this treacherous virtual world safely? Common sense, Careful reading, and Curated content.

Common Sense:

  • Never install something if you did not set out to install it.  For example, while trying to install a free music player to replace iTunes, I found this:
    scrot3
    “Add and Start Download” could seem right, but that is not the installer for the Audio Player. That is the installer for another malicious Chrome Extension
  • Do not provide personal information to an unknown source. A company will not ever contact you first. Microsoft will never tell you they’ve detected a virus, but malicious scammers will tell you that they are Microsoft, and make away with credit card numbers, email addresses, and more. Can you believe people would just go on the internet and lie?!

Careful Reading:

  • Always read the permissions given when installing, and disable unwanted or unneeded ones. Installing an application on any platform, phone or desktop, will request your permission when making a change to your system, when downloading an unknown software, or when collecting information about your friends, your location, or your personal data.  Many times, these functions can be disabled or these permissions denied.
  • Always be sure the installer is installing what you expect. Many times, an installer for a free program can be packaged with unwanted or malicious software.  Always read what you are agreeing to before clicking “Agree” ,”Next”, or “Finish” when installing.
  • Check out reviews and guides. On the internet you are never alone, and as creepy as that may sound, there is safety in numbers. “Is MacKeeper a virus?” or “Is (new website) safe?” are great searches to see if people have been able to use services successfully

Curated Content

  • Find trusted routes to free services.  There are many non-malicious free services and programs out there, and there are many places where people have done the work to ensure that they are safe. http://www.umass.edu/it/software has a list of programs that can be obtained for free or at a discount. Another powerful tool is https://ninite.com/. An all in one free to use installer for a wide variety of programs. Pick and choose what you need.
  • Use a content blocker, check your security settings, and use an anti-virus software. Be sure pop-ups are disabled, get an ad-blocker (but whitelist the sites you want to help fund like your favorite Youtube channel), and get Malwarebytes, or McAfee from the UMass IT software page above.

Disproving Einstein: the Phenomenon of Quantum Entanglement and Implications of Quantum Computing

Quantum-Entanglement

Albert Einstein famously disparaged quantum entanglement as “spooky action at a distance,” because the idea that two particles separated by light-years could become “entangled” and instantaneously affect one another was counter to classical physics and intuitive reasoning. All fundamental particles have a property called spin, angular momentum and orientation in space. When measuring spin, either the measurement direction is aligned with the spin of a particle -classified as spin up- or the measurement is opposite the spin of the particle -classified as spin down. If the particle spin is vertical but we measure it horizontally the result is a 50/50 chance of being measured spin up or spin down. Likewise, different angles produce different probabilities of obtaining spin up or spin down particles. Total angular momentum of the universe must stay constant, and therefore in terms of entangled particles, they must have opposite spins when measured in the same direction. Einstein’s theory of relativity was centered around the idea that nothing can move faster than the speed of light, but somehow, these particles appeared to be communicating instantaneously to ensure opposite spin. He surmised that all particles were created with a definite spin regardless of the direction they were measured in, but this theory proved to be wrong. Quantum entanglement is not science fiction; it is a real phenomenon which will fundamentally shape the future of teleportation and computing.

Continue reading

The Web’s Move to SSL

These days, there is a lot of talk about cyber security, secure web browsing and tips to keep your information safe. One of the best ways to do this is to stick to websites that use an encrypted connection. Browsing completely secure can only truly be accomplished through websites using something call SSL, or Secure Sockets Layer. This allows an encrypted connection to be established between the web browser that you’re using, and the website you’re accessing. This kind of connection is usually indicated by a green lock and HTTPS in the URL bar of your web browser.

google1

A note about URLs starting in https: a green https is good; a red https, usually precluded by a warning that the certificate shouldn’t be trusted, is questionable at best. The way that ssl ensures a secure connection is by installing a certificate in your browser that is signed by a trusted entity, such as VeriSign. When this occurs, you’ll access the page and the lock and HTTPS will be green as shown above. However, anyone can create certificates, and if they aren’t signed by a trusted entity, your browser will warn you.

Untitled

This doesn’t mean that your connection isn’t encrypted, it still is and no one will be able to see your information in between your computer and the website’s server. What it does mean, is that the person or company who owns the website isn’t necessarily to be trusted.

In April, about 1/3 of all web traffic was encrypted, in large part due to Google, Facebook and Twitter. With Netflix planning to make the switch to HTTPS, some research indicates that this could jump to as much as 2/3 of all web traffic by the end of the year. On the subject of Facebook and Twitter, though, is yet another type of encryption that further secures your data: end-to-end encryption.

This mostly relates to private messaging between you and someone else. Examples include email, Facebook or Twitter messages or even text messages. End-to-end encryption allows all your data to be encrypted not between you and the website you’re using, but between you and the person you’re messaging. This ensures that Facebook or Twitter or Google, etc. can’t see your private messages. While this advanced privacy tool isn’t yet available for most services, there are browser extensions and add-ons that can provide this for you. As far as texting and even phone calls go there are a number of apps available for both iOS and Android that are designed to provide private communication.

So while truly secure internet access isn’t inherently provided with an internet connection, it is relatively easy to secure your web activity by making sure that your data is encrypted. This could be through secure sites, browser add-ons, or mobile applications, but whichever method(s) you use can go a long way in ensuring your data stays private.

How to get rid of Superfish

Superfish

Superfish

As you may be aware, it was recently revealed that many Lenovo computers shipped between October 2014 and December 2014 were pre-loaded with a piece of AdWare called “Superfish.” In addition to being annoying, Superfish introduces a serious security hole in the way your computer uses HTTPS on the internet. It’s gotten bad enough that the Department of Homeland Security had to advise people to remove the software. Lenovo has since gone on full damage-control, and is no longer shipping computers with Superfish pre-installed. The following is everything you need to know about this piece of AdWare.

What is Superfish?

Superfish is your typical piece of AdWare. It runs in the background on your computer and when you go to a webpage Superfish injects pop-up ads in to the page you’re looking at. It does this on all pages, regardless of whether they use HTTPS.

Why is it bad?

First of all, no one likes ads. If you happen to be someone who does enjoy pop-up ads you may want to remove Superfish anyway, and here’s why: in order to make sure that it can show you ads even on encrypted secure webpages, Superfish has to break your computer’s encryption. It does this by installing its own “root certificate.” The way that HTTPS works is that each website needs a certificate to verify its identity. If you’re interested, Wikipedia explains the details behind HTTPS and certificates fairly well. These certificates must be signed by a trusted authority such as VeriSign or InCommon. Because Superfish installs its own certificate on your computer it can pretend to be one of these trusted authorities and thus it can pretend to be any website it wants. This is what is called a “man-in-the-middle attack.”
In addition to being annoying and malicious, this was also poorly done. Superfish installed all of its root certificates using the same password, which this man figured out in 3 hours. That means that if your computer has Superfish installed, you could be vulnerable to a phishing attack or anything similar since anyone can take Superfish’s certificate and pretend to be a website they aren’t.

How do I fix this?

First of all, let’s find out whether you have Superfish or not. A nice, white-hat citizen of the internet built this website to help you figure it out. If you do have Superfish installed, Lenovo was nice enough to put out a handy uninstall guide, along with a nice automatic tool. The steps are written for Windows 8, but they should be similar if you are on Windows 7. Here’s the synopsis:

1. First, open up Control Panel and go to “Uninstall a program.” Then find Superfish in the list, select it and hit “Uninstall”
2. Go to Window’s search function and look for “Manage Computer Certificates.” Go into Trusted Root Certification Authorities, and delete the Superfish cert.
3. Finally, Firefox and Thunderbird also need to have the certificate removed manually. See the Lenovo article for instructions on how to do this.

You’re done! Remember to keep all your software up to date, and always feel free to come to UMass IT for help with security or anything else you might need.

Passwords, Security, and Beyond: Keeping a Password Secure

Last time, we went over the best ways to create secure passwords, so now we’ll finish it up with keeping those new shiny passwords secure. By keeping them secure, we mean that it will be difficult for anyone to gain access to it, while you, the user, can easily access it. But before we get down to the details, it’s best to first realize that there will never be a 100% fool proof way to keep all of your passwords secure forever- there’s no guarantee regarding digital security. So there’s really no point to going to extremes and keeping all of your passwords in a super secret vault in your basement with the only key buried in the backyard in an unmarked location. But rest assured, with a few relatively simple steps (and some healthy paranoia) you can significantly reduce the risks of losing the element of security with your passwords. Continue reading

Passwords, Security, and Beyond: Creating a Password

Passwords are nothing new. The provide a secure way to access information that only one person should have access to.  Under normal circumstances, this shouldn’t be a problem, but when the human condition of greed and evil are taken into consideration, passwords suddenly become a big deal: they are a bunch of characters that provide access to your entire life. But a lot of passwords aren’t taken seriously, like those that are only used on one account, or that are protecting things that aren’t really worth anything. These passwords are usually easy to guess, are not stored properly. This is exactly what you want to avoid. So in this two part blog, I’ll go over two of the most essentials things know about passwords: how to make a secure password that you will remember, and how to keep it that way. Continue reading

Savings Bull, the malware that keeps trying to save you money, but just goes a little too far!

Pop-ups, advertisements, new home screens,  and more come  for free when you obtain a browser targeted virus.  If you are experiencing any of these, or any other issues that are browser related, this article is for you!  There are multiple viruses that will make changes to your browser’s settings for advertising purposes so that every time you want to surf the web, you have to surf through numerous popups and ads.  These are a little different from your normal computer maleware or adware because after infecting your computer, they make permanent changes to your browser, that need to be manually changed back.  They can find their way in and make their home in your browser’s Add-ons or Plugins/Extensions.  This means that when you run your normal virus scans, they might be overlooked.  To remove these, you must do it manually.  An example of this type of virus is Savings Bull… Continue reading

Help! I think I have a Virus (Windows)

First it’s important to verify that your computer is infected. The general sign for malicious software is that your computer stopped working as expected. The obvious problem with this is that there are a whole lot of reasons your computer can stop working correctly that are not caused by viruses. For example software updates can often cause unexpected side effects, hardware can stop working, and users can change settings without truly understanding the effect of the change they made. The most general way to determine that you actually have malware is to ask yourself could somebody be making money off of what is happening to my computer. The fact is that almost every piece of malicious software in existence was created with the intent of making money. That being said here are some common signs that your computer may be infected:

Continue reading

Avoid Adware to Keep Browsers Running Like New

As a Help Center Consultant, I have seen countless computers come into our office with persistent advertisements, unintentional redirects, and other annoyances within web browsers. In addition to being an annoyance, the software that is generating these ads can also be harmful to your computer, and is often prohibitive when attempting to access websites. These symptoms are caused by software known as “adware”.

This is a browser infected with adware, notice the toolbars and homepage ads.

This is a browser infected with adware, notice the toolbars and homepage ads.

Continue reading

Keychain Access and Keepass

Have you ever had that awkward moment when you forgot the password to your bank account and missed your rent payment? Maybe not, but I’m sure you’ve forgotten a password at least once in your life, which is easy to do considering the average person uses about 10 passwords a day. So how can one avoid the inconvenience of forgetting important passwords in today’s fast-paced world? Simple, Keychain Access and Keepass.

Continue reading

Time Machine: Automatic Backups for your Mac

What is Time Machine?

Time Machine is automatic backup software that comes with Mac OS X. It allows you to backup your entire Mac, including system files, applications, accounts, preferences, email messages, music, photos, movies, and documents to an external drive. After the initial backup is complete, Time Machine will continue to perform hourly backups on any files that have been changed since the last time it ran. When your external drive is filled, Time Machine will start to delete the oldest existing backups in order to free up space.

Continue reading

Digital Wallets The Future of Buying Products.

 

Technology has become integrated in our society, we are using it every day at work, home, and in some states there using IPad’s to teach kindergarten class. With technology becoming more of a necessity than a luxury in past years, the number of people shopping online has increased at an astounding rate. The online shopping market is projected to be worth 370 billion dollars in 2017.

Continue reading

Cyber Security Awareness: What is Malware?

What is Malware?

Malware is any type of malicious software that can infect your computer and slow performance, monitor usage, steal sensitive information, or gain access to privileged areas on your computer.  These can be harmful to your computer and your files. This post will discuss the different types of malware, how to tell if your computer is infected, prevention, and removal. For more detailed information about computer security resources, check out the IT Help Services Security Center online or stop into the IT Help Center for a free Security Check-up. Continue reading

Mobile Malware: In the Wild

Introduction:

According to a recent study conducted by the networking company Juniper, mobile malware is on the rise, and malware found in the wild is targeted almost exclusively toward Android devices.

“Theoretical exploits for [Apple] iOS have been demonstrated, as well as methods for sneaking malicious applications onto the [Apple] iOS App Store,” the report says, but criminals have tended to favor Android as their target, because there is less oversight on the process of releasing applications into the wild” [1].

Running older versions of Android with a lack of consistent update support can significantly increase the risk of a device becoming infected. Users are encouraged to update to a newer version of Android if possible (through each device’s update utility). Continue reading

Four Useful Browser Addons

There are thousands of addons available for use with a wide range of web browsers. We have compiled a list of the top four addons that we think are most worthwhile. From blocking ads to protecting users’ online privacy, these addons are useful and important. We think they will make your browsing experience more enjoyable and more secure. Continue reading

Do Not Track – An Overview Of Internet Privacy

The Problem

When it comes to privacy on the internet, the user is very often left in the dark regarding how his or her data can be accessed and utilized by third parties. In this context, third parties can refer to “analytics services, advertising networks, and social platforms” [1] that can leverage a myriad of existing web technologies to track the websites you visit. These third parties can then use this information for various purposes such as directing advertisements toward more relevant audiences.

For example, if a website you visited decided they want to track their users’ web history, they could simply slip a clause into the privacy policy of their site (which can be intentionally obfuscated and is very rarely read by users) that would legally allow them to track your web history – even while you’re not on their site!

In an attempt to resolve this informational discrepancy (these third parties are within legal limits, just not fully transparent), the World Wide Web Consortium (W3C) proposed a specification known as Do Not Track which “is designed to enable users to opt-out of online tracking” [2]. Continue reading