According to Facebook, malicious quiz apps were used to harvest thousands of users’ profile data. Anyone who wants to take the quizzes is asked to install browser extensions, which then lift data ranging from names and profile pictures to private lists of friends. Facebook reported that these were installed about 63,000 times between 2016 and October 2018.
The quizzes, with titles such as ‘What does your eye colour say about you?’ and ‘Do people love you for your intelligence or your beauty?’, gained access to this information via the Facebook Login system – which enables connections between third-party apps and Facebook profiles. While the system is intended to verify that such connections are secure, in this case, Facebook says users were falsely told the app would retrieve only a limited amount of public data from their profiles.
www.bbc.co.uk/technews (11th March 2019)
The team behind the pocket-sized Raspberry Pi computer is opening its first high street store in the city where it was invented – Cambridge. The firm will also offer a new starter kit of parts. Eben Upton, the founder, hopes the shop will attract customers who are ‘curious’ about the brand.
The store will offer merchandise and advice on the use of the computer, which measures 3.4 inches by 2.1 inches and is designed to encourage people to try coding and programming. The computer was the brainchild of the Raspberry Pi Foundation, established by a group of Cambridge scientists in 2006 and launched in 2012. The Raspberry Pi resembles a motherboard with ports and chips exposed, used principally as an educational tool for programming. It has now sold 25 million units globally and remains the best-selling British computer.
www.bbc.co.uk/technews (7th February 2019)
The European Commission has ordered the recall of a children’s smartwatch because it leaves them open to being contacted and located by attackers. The Commission said that the Enox Safe-Kid-One device posed a serious risk as data sent to and from the watch was unencrypted, allowing data to be easily taken and changed. The recall is believed to be the first issued because a product does not protect user data.
‘A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS,’ wrote the Commission in its alert notice.
Enox has said that the decision was excessive. Ole Anton Bieltvedt, the founder of Enox, said that the watch had passed tests carried out by German regulators last year allowing it to be sold. The version the Commission tested was no longer on sale, he added.
www.bbc.co.uk/technews (5th February 2019)
WhatsApp is limiting all its members to forwarding any single message up to five times in an effort to tackle the spread of false information on the platform. This policy was introduced in India six months ago after a number of mob lynchings that were blamed on fake reports spread via the service.
WhatsApp announced the decision at an event in Jakarta, Indonesia. ‘This will keep WhatsApp focused on private messaging with close contacts. The forward limit will significantly reduce forwarded messages around the world.’
Users could previously forward messages up to twenty times and there can be up to 256 users enrolled in a WhatsApp group. This meant that a single user could forward a message to up to 5,120 people; with the changes, this figure is now 1,280. There is nothing, however, to stop those on the receiving end each forwarding the message up to five times themselves.
The restriction comes at a time when WhatsApp and Facebook’s other services are under scrutiny for their role in the spread of propaganda and other untruths online. Last week, Facebook announced it had removed 500 pages and accounts allegedly involved in peddling fake news in Central Europe, Ukraine and other Eastern European nations. It also recently announced that it had employed a UK fact-checking service to flag content on its main platform. However, the use of end-to-end encryption by WhatsApp means its messages can only be read by their senders and recipients, limiting the firm’s ability to spot false reports.
www.bbc.co.uk/technews (22nd January 2019)
A report from the US Congress has revealed that credit agency Equifax’s 2017 network breach (which affected 143 million people) was not spotted because of an expired software certificate.
Last week, mobile operator O2 blamed a similar issue for causing a network blackout which affected the UK.
Digital certificates are basically small pieces of code created by using sophisticated mathematics that ensure that communication between devices or websites is sent in an encrypted manner, and is therefore secure. They play an essential role in keeping IT infrastructure up and running safely and are issued by certificate authorities, who electronically vouch that the certificates are genuine. When issued, these certificates are given an expiration date of anything between a few months and several years.
Digital certificates are issued for a variety of software that encrypts communications, including those embedded in hardware. In O2’s case it seems that a certificate linked to network equipment installed by Ericsson was the weak link.
Equifax’s certificate was linked to crucial software that monitored the network for suspicious traffic, meaning the hackers were not spotted in time.
While some think that the reason they expire is to allow the authorities to keep charging for renewals, there are some valid reasons why they need to be regularly updated – including changing technology, new vulnerabilities to encryption and the ownership of the certificate changing hands.
In O2’s case, the certificate reached its expiry date, which in turn meant that when different parts of the network attempted to communicate securely, they no longer trusted each other and refused to connect.
In Equifax’s case, the certificate in question was linked to software which monitored the network for suspicious traffic and had expired 19 months ahead of the breach. This means that their networks were not being monitored for hackers.
There are billions of certificates in circulation and, with the internet of things flourishing and connecting ever more devices to the web, more are needed each day.
“As business becomes digital in increasingly complex and ubiquitous ways, all enterprises need to protect themselves from repeating this disastrous outcome. A best practice in so doing is to automate the discovery, monitoring, and renewal of certificates of all types,” said Tim Callan, a senior fellow at Sectigo.
“The proliferation of certificates and ever-increasing complexity of IT infrastructure has made it more and more challenging for IT professionals to stay on top of this component of their networks.”
www.bbc.co.uk/technews (12th December 2018)
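The automated monitoring recommended in the report above can begin as an expiry sweep over a certificate inventory that lists expired and undatable certificates first. This Python example is added here and is not from the BBC report or from either company; the host names, dates, 30-day renewal window and inventory layout are assumptions.

```python
import ssl
from datetime import datetime, timedelta, timezone

WARN_WINDOW = timedelta(days=30)  # assumed renewal lead time
SEVERITY = {"EXPIRED": 0, "UNPARSEABLE": 1, "RENEW_NOW": 2, "OK": 3}

# Constructed inventory. Host names and dates are hypothetical; the
# "notAfter" strings use the format ssl.SSLSocket.getpeercert() returns.
INVENTORY = [
    {"host": "www.example.internal", "notAfter": "Jun 30 00:00:00 2019 GMT"},
    {"host": "ids-sensor.example.internal", "notAfter": "Jan 31 00:00:00 2016 GMT"},
    {"host": "core-node.example.internal", "notAfter": "Dec 20 00:00:00 2018 GMT"},
    {"host": "legacy.example.internal", "notAfter": "unknown"},
]


def classify(record, now):
    """Return (status, days_left) for one inventory record."""
    try:
        epoch = ssl.cert_time_to_seconds(record["notAfter"])
    except (KeyError, ValueError):
        # A certificate nobody can date is a finding, not a skip.
        return "UNPARSEABLE", None
    remaining = datetime.fromtimestamp(epoch, tz=timezone.utc) - now
    if remaining <= timedelta(0):
        return "EXPIRED", remaining.days  # negative: days overdue
    if remaining <= WARN_WINDOW:
        return "RENEW_NOW", remaining.days
    return "OK", remaining.days


def sweep(inventory, now):
    """Classify every record and sort so the most urgent come first."""
    rows = [(rec["host"], *classify(rec, now)) for rec in inventory]
    return sorted(rows, key=lambda row: (SEVERITY[row[1]], row[0]))


if __name__ == "__main__":
    now = datetime(2018, 12, 12, tzinfo=timezone.utc)  # constructed "today"
    for host, status, days in sweep(INVENTORY, now):
        print(f"{status:<12} {host:<30} days_left={days}")
```

The certificate on the monitoring sensor, long expired, sorts to the top of the output, ahead of the one that is merely due for renewal.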
The woman who created and sold what many recognise as the world’s first word processor has died at the age of 93. Evelyn Berezin called the device the Data Secretary. She launched the product in 1971 with her company Redactron.
Redactron grew from 9 employees to nearly 500 and was named one of America’s top leaders by Business Week magazine in the year she sold it, 1976.
The innovation – which matched customers and available seats – was tested by United Airlines in 1962. According to the Computer History Museum it had a one second response time and worked for 11 years without any central system failures.
In addition, Ms Berezin helped pioneer other types of special-purpose computing such as: an automated banking system, a weapons-targeting calculator for the US Defence Department, and terminals for a horse-racing track that monitored how much money was being bet on each animal.
www.bbc.co.uk/technews (13th December 2018)