Monday, October 13, 2014

Justification for Your Paranoia

October is National Cyber Security Awareness Month, sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center, so my work-life is full of memes right now, trying to get people in my company to not leave their pants down security-wise. Posters, videos, social media posts, surveys...all the nonsense that marketing people get to put up with every day. It's...surprisingly fun, with the caveat that I know it's only for a limited time.

Some of them are even a little clever or funny...

Not many though.

Unrelated, most of my gaming this month is on hold due to family health issues, weddings, travel, and other such issues, so, you should expect to see a lot more security-related posts and a lot fewer gaming-related posts this month. If you are only here for the gaming, you should probably just ignore your feed until November.

And now for your regularly scheduled paranoia:

1) If you shop at any store, your credit card data has probably been stolen...
I've recently written about data breaches at Home Depot, UPS and SuperValu. Well, there have been a ton of similar breaches lately, such that it seems safe to assume that every POS credit card reader everywhere has been compromised. There have been more recent hacks at Dairy Queen, Kmart, Jimmy John's, and many more (including many small local establishments that use common, potentially infected payment card readers).
The Consumerist agrees with me and has put together this nice summary for you.
2) Yet another reason that Cops are not to be trusted...
Local law enforcement agencies in more than 35 US states have been distributing spyware to families, ostensibly so that parents can protect their children from online predators. According to the Electronic Frontier Foundation (EFF), the software, known as ComputerCOP, "is neither safe nor secure...[and] isn't particularly effective either." The product is a “keylogger” (it captures keystroke data) that could place a family’s personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption.
If you've been scammed by a Cop into installing this malware on your machine, here is how to get rid of it.
3) Adobe is spying on what you are reading...
The Digital Reader reported that the latest version of Adobe's e-reader, Digital Editions 4, was tracking users and uploading information to Adobe servers without encrypting it. Adobe is collecting data on the books that users add to their library, including the pages that were read, title, publisher, and other metadata. Ars Technica and others have independently confirmed this, and confirmed that the data was transmitted even for epub documents without DRM and for ebooks stored elsewhere on the computer ("not just ebooks I opened in DE4, but also ebooks I store in calibre and every epub ebook I happen to have sitting on my hard disk").
Adobe has acknowledged that its Digital Editions ebook reader gathers information about users' reading histories and sends the data back to the company unencrypted. Adobe maintains that the feature is designed to prevent piracy. The company says the information it collects, which includes user, device and app IDs; IP addresses; duration of reading; and percentage of book read, is data that could be demanded by publishers. Adobe now says it plans to issue an update to the software to address the cleartext data transmission.
How's this for a connection: Adobe was building spyware capabilities into its ebook reader software at the same time it has been unable to prevent its Acrobat PDF software from being compromised by attackers. Adobe needs to change its business values to focus on privacy and security of the users of its software. Just adding encryption when the spyware capabilities in its ebook software talk to the Adobe Command and Control server does not do that.
4) Sometimes, when you spend all your life staring at command lines you just need to have some fun.