Here are some infosec-related resources, tips, and interesting things I’ve come across in the last few days, all of which are related to cyber security and you. Hope you find this stuff useful.
Edit: Here’s a late-breaker to add to the list:
- Surveillance Self-Defense is the Electronic Frontier Foundation’s guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices.
Photo by Brad & Ying
1. LinkedIn. I deleted my profile and completely quit this most useless of social networks. In all the years I kept up my profile and made connections, I got absolutely nothing in return. Even when searching for a job, it was useless. In retrospect, it’s like the Classmates.com of the aughts.
2. Dropbox. First they looked at user files, then they hired Condoleezza (why does her name have two z’s) Rice as their “privacy advisor.” Besides, I wasn’t really using it anyway.
3. Facebook. Again. But then I had to rejoin. It’s a very necessary evil, unfortunately, being in a band and trying to connect to fans, venues, and clients.
Get your updates going as soon as possible, as this looks pretty serious!
This is a bad bug, and Jetpack is one of the most widely used plugins in the WordPress world. We have been working closely with the WordPress security team, which has pushed updates to every version of the plugin since 1.9 through core’s auto-update system. We have also coordinated with a number of hosts and network providers to install network-wide blocks to mitigate the impact of this vulnerability, but the only sure fix is updating the plugin.
So not only is that an issue, but if you haven’t done your part in protecting yourself from this week’s Heartbleed bug, which has scared the bejeezus out of the entire Internet, get yourself fixed up ASAP!
If you are lucky enough to have been using LastPass to manage your passwords, log in there and do a Security Check to find out which websites you frequent may be vulnerable to that bug. LastPass will also help you quickly change passwords as needed.
Good luck, citizens!
Facebook can now read your texts. Why in the world do they need to do that?
This has been shown to be true of the Android version of Facebook since about December 20, 2013, according to this Reddit thread. You can’t tell if it’s true on the iPhone version, but it’s safe to assume they are doing it there too.
Another reason I am happy to have quit Facebook.
“The chances that we’ll see another big breach like this are probably 80 percent.”
This is why it is time for the United States to fix its weak payment security schema.
“U.S. credit and debit cards rely on an easy-to-copy magnetic strip on the back of the card, which stores account information using the same technology as cassette tapes.”
Remember cassette tapes?