Friday, January 07, 2022

How to become a scammer…

https://threatpost.com/google-voice-authentication-scam/177421/

Google Voice Authentication Scam Leaves Victims on the Hook

The FBI is seeing so much activity around malicious Google Voice activity, where victims are associated with fraudulent virtual phone numbers, that it sent out an alert this week.

Fluffy is missing.

You post your lost pet’s photo online, hoping that some good Samaritan will find Fluffy, listing your phone number and crossing your fingers.

You get a text or email from somebody who thinks they’ve found Fluffy – or, say, somebody who wants to buy that scruffy old couch you posted for sale on Craigslist.

The purported lost-pet-finder/old-couch-aficionado tells you they don’t want to get scammed, though. They’ve heard about fake online listings and want to verify that you’re a real person and not a bot, or they might say that they want to verify that you’re the pet’s true owner.

So they tell you they will send you a Google authentication code in the form of a voice call or a text message, and then ask you to repeat the number back to them to prove you’re real.

In reality, they’re setting up a Google Voice account in your name, using your phone number, and the “authentication” code is actually the two-step verification code needed to complete the set-up process.

There are a growing number of scammers are rolling out this Google Voice scam — to the point where the FBI was moved to issue a warning about them this week.



Helping to define the minimum acceptable level of computer security? Do this if you want us to assume any of the risk.

https://www.databreaches.net/why-canadian-cyber-insurance-companies-are-requiring-businesses-to-use-multi-factor-authentication/

Why Canadian cyber insurance companies are requiring businesses to use multi-factor authentication

Alyssa DiSabatino reports:

Canadian cyber insurance companies are now requiring businesses to offer multi-factor authentication (MFA) and have cybercrime/data breach response plans in place before qualifying for coverage.
Prudent, since cybercrimes and ransomware attacks are on the rise – Canadians have lost $4.9 billion to ransomware attacks in the last year.

Read more at Canadian Underwriter.



Could the US dictate an “opt-out button” on every website?

https://thehackernews.com/2022/01/france-fines-google-facebook-210.html

France Fines Google, Facebook €210 Million Over Privacy Violating Tracking Cookies

The Commission nationale de l'informatique et des libertés (CNIL), France's data protection watchdog, has slapped Facebook (now Meta Platforms) and Google with fines of €150 million ($170 million) and €60 million ($68 million) for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology.

"The websites facebook.com, google.fr and youtube.com offer a button allowing the user to immediately accept cookies," the authority said. "However, they do not provide an equivalent solution (button or other) enabling the Internet user to easily refuse the deposit of these cookies."



More than GDPR?

https://www.huntonprivacyblog.com/2022/01/06/indias-draft-data-protection-bill-moves-closer-to-passage/

India’s Draft Data Protection Bill Moves Closer to Passage

Stephen Mathias from Kochhar & Co. reports that on December 16, 2021, the Indian Joint Parliamentary Committee (the “JPC”) submitted its report on India’s draft Data Protection Bill (the “Bill”). The Bill is now likely to be passed by Parliament in its next session, beginning in February 2022, and likely will enter into force in the first half of 2022.

One key change relates to notification to the DPA within 72 hours of discovery of a data breach, which the Bill makes mandatory for every breach affecting Indian data subjects. Following notification, the DPA would decide whether data subjects would need to be notified of the data breach.

Additionally, data localization requirements remain unchanged in the Bill. “Critical data” must be processed locally in India. “Sensitive personal data” (including biometric information, government identifiers and financial information) may be transferred out of India, but a copy of the data must be stored in India.

Overall, the Bill goes beyond the GDPR in certain respects and will present new compliance considerations for many businesses subject to the law.



Another angle of the ‘public’ information argument?

https://www.pogowasright.org/background-reports-protected-by-section-230-dennis-v-mylife/

Background Reports Protected by Section 230–Dennis v. MyLife

Eric Goldman writes:

Plaintiffs sued MyLife for selling background reports about them and furnishing “public reputation scores.” MyLife aggregates its data from third-party sources, but the plaintiffs “seek to hold Defendant liable for packaging and re-publishing this information on its website without their permission.”
Article III Standing. The plaintiffs have standing because “both Plaintiffs have pleaded a concrete harm under a disclosure theory, as they allege that MyLife disseminated private and/or inaccurate information about them to third parties through their website.”
Section 230. The case fails due to Section 230.

Read Goldman’s explanation as to why at Technology & Marketing Law Blog.

Case citation: Dennis v. MyLife.com, Inc., 2021 WL 6049830 (D.N.J. Dec. 20, 2021)



Not exactly ‘we can, therefore we must’ but more like ‘no doubt everyone will want to implement this option so lets make that assumption for them.’

https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/

Norton 360 Now Comes With a Cryptominer

Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, “Dude, where’s my crypto?”



For me and my students…

https://www.bespacific.com/how-to-get-free-microsoft-office-for-students/

How to Get Free Microsoft Office for Students

Make Use Of: “Microsoft Office is the most widely used suite of office tools. It includes a word processor, a spreadsheet program, a presentation program, and several other tools. The company also sells different plans designed for non-profit, business, or personal usage. If you are a school administrator, teacher, or student, you might be eligible for a free Microsoft 365 subscription. The Microsoft Office student package is great for students on a budget, especially those who don’t want to or can’t pay the full price for the Office Suite…”



Tools & Techniques.

https://lifehacker.com/how-to-find-anyone-on-the-internet-for-free-1848312948

How to Find Anyone on the Internet for Free

We live in the most connected time in history. We can collaborate with people who live thousands of miles away, virtually visit places without leaving the comfort of our homes, and we can—with varying results—express our every thought to the entire world.

And yet, in some ways, we’re more isolated than ever. It’s become increasingly difficult to find people, simply due to the sheer size of our modern networks. It’s one thing to find someone still living in your neighborhood, but the task can be pretty daunting the wider you have to look.

But sometimes you need to find someone, and the good news is that most of us have a digital presence. Whether it’s idle curiosity about how an old friend is doing, or a customer or business associate whose details you’ve lost, we all sometimes need to find someone, and just popping a name into a search engine won’t always work.



Tools and Techniques.

https://www.makeuseof.com/tag/freemypdf-unlock-restricted-pd/

How to Use FreeMyPDF to Unlock Restricted PDF Files

FreeMyPDF makes accessing a restricted PDF document simple. With this web app, you'll never find yourself locked out of a PDF again.


No comments: