Internet data breaches, Google+ and more…

Google_blog-1180x480

Yesterday, the news broke that Google is to kill off its social media platform Google+ because of a massive unreported data breach.

The official line is reported to be:

“The company discovered a bug in one of Google+’s People APIs that allowed apps access to data from Google+ profiles that weren’t marked as public. It included static data fields such as name, email, occupation, gender and age. It did not include information from Google+ posts. The bug was patched in March 2018, but Google didn’t inform users at that point. “We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks,” the company said in a blog post. “That means we cannot confirm which users were impacted by this bug.”

However, Google+ will continue as a product for Enterprise users. It’s by far the most popular use of the social network. Therefore, the company has made the decision that Google+ is better suited as an internal social network for companies, rather than a consumer product. Google will announce new Enterprise-focused products for Google+ soon”.

(engadget.com)

A ‘leaked’ memo included:

‘Disclosure will likely result “in us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal”, Google policy and legal officials wrote in a memo obtained by the Journal. It “almost guarantees Sundar will testify before Congress”, the memo said, referring to the company’s CEO, Sundar Pichai. The disclosure would also invite “immediate regulatory interest”.

(theguardian.com) 

 

My own view is:

As Google is re-developing a form of G+ for inter-corporate communications, yesterdays confirmation of data loss is timed to coincide with their new platform’s progress. Large-scale commercial internal networks are major revenue earners. They require far less maintenance and development than massive public platforms.

My conclusion is, the move by Google, seen by many as ‘dumping’ their dedicated public users, is one of pure commercial practice. We must wait and see if G+ simply fade away as Google hope, or if this decision will alienate users to the point they ditch Googles other products.

I know there are many other companies, both large and small, waiting to grab a slice of Googles internet cake who are ready to provide alternatives.

We shall have to wait and see. But looking at Google’s history, G+ will simply become history and Google will have made another profitable corporate decision.

151027-facebook-headquarters-1-100624905-large

Now, I use Google+ along with Facebook and other (social) media platforms. I shop, online and on the ‘high street’, at major retailers. I bank, have a passport and a driving license. I am registered with the National Health Service and the Inland Revenue. I do the thousand and one things most of us do in our everyday lives.

Which means I am on one million and one billion various computer databases, from Government statistical through to tax, health, police, social and political. I am sure, somewhere, I am in MI5 and MI6’s database, most probably the CIA, Mossad, SVR, GRU, and MSS because I have a military background and a connection with the British Royal Family.

unnamed

 

I know, without any doubts whatsoever my information is on and shared by/with, thousands of commercial enterprises around the world. I have junk mail, email and phone call logs as proof.

I know this, yet I do let it worry me because there is nothing I can do about it unless I escape to the lost world of Neverlandislandjungleretreat and never raise my head above the totally off-grid parapet. Which sounds pretty good in some ways but is impractical for most of us.

So, I accept my details are not private and live accordingly.

Data breaches and hacking are as much part of this world’s current situation and social culture as is terrorism, gender disruption and socio-economic inflation.

Personally, I cannot understand what satisfaction someone could get from creating and spreading a computer virus, although I can see the intent with ransom-wear and state-sponsored cyber-attacks. (Practice for the cyberwars to come?)

download

Sadly, I can also see where the criminal element of data theft fits into the larger information technological world we all now, by default, live in.

Greed, avarice and power have always been the prime motives behind most illegalities. Nothing has changed except the methods and opportunities presented.

Governments and the less informed members of society will jump up and down and stomp their feet each time a major breach of information protocol is reported.

The government ministers will shout, saying it is their job to do so on behalf of the electorate, while most will be doing so simply to be seen, for self-promotion, regardless to what ‘spin’ or ‘party line’ mantra they mutter.

The less informed members of our society because, they are influenced, even controlled, by fickle, shallow, manipulative journalistic propaganda and bullshite.

So, Google has issues with G+ and what else are they not revealing?

Facebook still has ongoing issues.

But so, do:

Yahoo, Reddit, Instagram, FedEx, Ticketmaster, Adidas, U.S. Air Force, The FriendFinder Network, eBay, UnityPoint Health, St. Peter’s Surgery & Endoscopy Center, TaskRabbit, Equifax, Ticketfly, Heartland Payment Systems, Air Canada, University at Buffalo, Target Stores, Partners HealthCare, TJX Companies, Inc., Uber, Facebook, Aultman Health Foundation, Orbitz, Aetna, JP Morgan Chase, Inogen, US Office of Personnel Management (OPM), British Airways, Sony’s PlayStation Network, BJC Healthcare, Anthem, Dignity Health, RSA Security, CarePlus, Stuxnet, VeriSign, Home Depot, Jason’s Deli, Click2Gov – Midwest City, Under Armour, Saks Fifth Avenue, Bithumb, Med Associates, Chili’s, Nuance Communications, Lord & Taylor, SunTrust Banks, Panera Bread, City of Goodyear, Rail Europe, LifeBridge Health, MyHeritage, Coinrail, Chicago Public Schools (CPS) and Adobe?

ALL THE ABOVE SUFFERED MAJOR DATA AND SECURITY BREACHES IN THE LAST COUPLE OF YEARS, MANY DURING 2018.

In 2017, the world saw more data breaches than any year prior. On December 20th, the downloadIdentity Theft Resource Center (ITRC) reported that there were 1,293 total data breaches, compromising more than 174 million records. That’s 45% more breaches than 2016.

 

In truth, what can ‘Little ‘ol you and me’ do when major multi conglomerates and the world governments agencies cannot protect their own systems.

The answer is “Not a lot”.

Like any other crime, do what you can to stay safe, hope you are not a target and carry on with your regular, normal life.

Data breaches and information theft is, sadly and ashamedly, something we must learn to live with. Fretting and worrying about cyber attacks and data loss will not change a single thing, but it will give your face wrinkles and make you look older sooner.

41530671_446651229159319_7854224569849085952_n
©PaulWhite2018

Personally, I have better things to do with my life than sit here worrying.

Which is why I am such a handsome, young looking lad!

 

Advertisements

Passwords: Have you been pwned?

If you want to make your world a safer place?

Start with your passwords.

From logging in to our social media accounts to buying new shoes, we wouldn’t be able to get much done without first logging into an account with a password. The problem is, as more and more of our everyday lives have gone online, particularly as authors and writers, when we need a wide range of internet sites and platforms to market and promote our books.

Chances are you have needed to create more passwords than ever, which can cause problems. After all, who uses a different password for each and every site? Perhaps not many of us, if we’re being honest.

Want to make the world a safer place? Start with your passwords!Indeed, according to new research from Kaspersky Lab, people tend to fall into one of two camps: those who use passwords that are complex but difficult to remember and those who create passwords that are easy to remember but easy to crack.

Password dilemma

Complex but forgettable

Those of us who create complex but difficult to remember passwords may have more secure accounts, but sadly they also have a tendency to forget these passwords. After all, it’s a lot easier to remember password123 than to remember Pa$$W0rdTh3G14nT123.

And a fair number of people surveyed understood the need for complex passwords, with 63% selecting online banking accounts, 42% payment applications including e-wallets, and 41% online shopping as types of accounts that need the most secure passwords.

However, 51% of people admitted to storing their passwords insecurely, and a staggering 23% said they store them on a notepad.

Short, handy, easy to crack

According to the research, a disheartening 10% of people surveyed admitted to using the same password for every account they own — a practice that increases the very real risk of account compromise. Reuse one password for all accounts and you ensure that if one account is compromised, they all are. You can check to see which accounts of yours could be compromised here.

On top of that, the research showed that 17% of those surveyed had faced the threat of account compromise, or actually had an account compromised, in the past 12 months.

Time to choose new password

The third way

One solution can fix both problems: a password manager such as Kaspersky Password Manager. Using a password manager might sound like something only geeks would do, but actually, it’s surprisingly easy to use. You create one complex password (we’re all capable of remembering one difficult password!), and it protects all of the other passwords. The password manager stores and fills in passwords for all of your online accounts, and everything is secured using encryption so that nobody can snoop.

Final tips

  1. However, if you’re looking for some quick tips, resident tech expert David Emm suggests the following:
  2. Make every password at least 15 characters long — the longer the better.
  3. Don’t make passwords guessable. There’s a good chance that personal details such as your date of birth, place of birth, partner’s name, and so forth can be found online — for example, on your Facebook wall.
  4. Don’t use real words. They are open to “dictionary attacks,” someone using a program to quickly try a huge list of possible words until they find one that matches your password.
  5. Combine letters (including uppercase letters), numbers, and symbols.
  6. Don’t “recycle” passwords — say, david1,” “david2,” “david3,” etc.
  7. Use a different password for each account to prevent all of your accounts becoming vulnerable.
  8. If you suspect your password has been compromised, change it immediately.

Stay safe out there.


Sometimes, just sometimes, a book comes along which tends to re-define certain aspects of expectation.

This new release from Paul White, DARK WORDS, is a book which contains several short stories, poetry and some written works which defy classification, they are… prose, articles, essays for want of interpretation.
Each written piece is deep, meaningful and emotive. Paul explores avenues, dark avenues of the human psyche where many dare not venture.Hurt, fear, pain, self-harm, love, hate, loathing, love lost, depression, loneliness, anger, suicide, anxiety, all these and more are considered within the pages of DARK WORDS.

In Paul’s own words… 

“Dark days come to us all at some time in our lives.Heartbreak, grief, fear, loss, pain and anxiety collide and conspire, individually and collectively to bring us down.We feel the battles rage within ourselves; they fight and scream in a tortured anguish of emotional turmoil.Solace is often found alone, in dimly lit rooms, with mellow songs playing over and again.Reading DARK WORDS, sharing the pain within these tales help us dry our own tears, to drive away the clouds of uncertainty and crush the demons which haunt our souls.To accept and acknowledge the blackest days of our lives often reveals the pathway from the shadow maze of obscure reflection, into the sunlight of possible future.Dark days come to us all, at some time in our lives. They are not the place for us to dwell for too long.They are not our home.”

DARK WORDS is one of those books you should, you need, to have on your bookshelf. One of those books everybody should read, at least once in their lifetime.
Get your copy today, now,  http://amzn.to/2E79PI

Don’t worry if you live Stateside, Dark Words is available on Amazon.com too HERE

DWnow4

 

 

A ‘Heads Up’ about that little green padlock (HTTPS – Secure)… or NOT.

A secure connection does not mean a secure site

The green lock means that the site has been issued a certificate and that a pair of cryptographic keys has been generated for it. Such sites encrypt information transmitted between you and the site. In this case, the page URLs begin with HTTPS, with the last “S” standing for “Secure.”

button-41707_960_720

Sure, encrypting transmitted data is a good thing. It means that information exchanged between your browser and the site is not accessible to third parties—ISPs, network administrators, intruders, and so on. It lets you enter passwords or credit card details without worrying about prying eyes.

But the problem is that the green lock and the issued certificate say nothing about the site itself. A phishing page can just as readily get a certificate and encrypt all traffic that flows between you and it.

Put simply, all a green lock ensures is that no one else can spy on the data you enter. But your password can still be stolen by the site itself if it’s fake.

Phishers make active use of this: According to Phishlabs, a quarter of all phishing attacks today are carried out on HTTPS sites (two years ago it was less than 1 percent). Moreover, more than 80 percent of users believe that the mere presence of a little green lock and the word “Secure” next to the URL means the site is safe, and they don’t think too hard before entering their data.

 

What if the lock isn’t green?

If the address bar shows no lock at all, that means the website does not use encryption, exchanging information with your browser using standard HTTP.

HTTPS-versus-HTTP-380x283

Google Chrome has started tagging such websites as insecure. They might, in fact, be squeaky clean, but they don’t encrypt traffic between you and the server. Most website owners don’t want Google to label their websites as unsafe, so more and more are migrating to HTTPS. In any case, entering sensitive data on an HTTP site is a bad idea — anyone can spy on it.

https3

 

The second variant you might see is a lock icon crisscrossed with red lines and the HTTPS letters marked in red. That means the website has a certificate, but the certificate is unverified or out of date. That is, the connection between you and the server is encrypted, but no one can guarantee that the domain really belongs to the company indicated on the site. This is the most suspicious scenario; usually, such certificates are used for test purposes only.

cert_error_chrome-600x361

Alternatively, if the certificate has expired and the owner has not gotten around to renewing it, browsers will tag the page as unsafe, but more visibly, by displaying a red lock warning. In either case, take the red as the warning it is and avoid those sites — never mind entering any personal data on them.

 

How not to fall for the bait

To sum up, the presence of a certificate and the green lock means only that the data transmitted between you and the site is encrypted, and that the certificate was issued by a trusted certificate authority. But it doesn’t prevent an HTTPS site from being malicious, a fact that is most skillfully manipulated by phishing scammers.

So always be alert, no matter how safe the site seems at first glance.

  • Never enter logins, passwords, banking credentials, or any other personal information on the site unless you are sure of its authenticity. To do so, always check the domain name — and very carefully; the name of a fake site might differ by only one character. And ensure links are reliable before clicking.
  • Always consider what a particular site is offering, whether it looks suspicious, and whether you really need to register on it.
  • Make sure your devices are well protected: Kaspersky Internet Security checks URLs against an extensive database of phishing sites, and it detects scams regardless of how “safe” the resource looks.

 

I hope this highlights some areas you may not have been aware of. It’s always good to know ‘stuff’

Feel free to check out my books, Wip’s, blogs and more on my own HTTPS secure website at https://paulznewpostbox.wixsite.com/paul-white

You may also want to read about Ads.txt on this blog HERE