Monthly Archives : December 2019

No one is ready for California’s new consumer privacy law

The California Consumer Privacy Act goes into effect January 1st, and it doesn’t look like anyone, even the state of California itself, is totally ready. Draft regulations for enforcing the law are still being finalized at the state level, and answers to questions about specific aspects of the most sweeping privacy regulation since the European Union’s General Data Protection Regulation (GDPR) are still unclear.

“If you thought the GDPR was bumpy, the CCPA is going to be a real roller coaster,” Reece Hirsch tells The Verge. Hirsch is co-head of Morgan Lewis’ privacy and cybersecurity practice and has been advising clients on how to adapt to the new law. “This is a complex set of new rules, which are still a work in progress.”

The crux of the CCPA is this: if your company buys or sells data on at least 50,000 California residents each year, you have to disclose to those residents what you’re doing with the data, and they can request that you not sell it. Consumers can also request that companies bound by the CCPA delete all of their personal data. And as The Wall Street Journal reported, websites with third-party tracking are supposed to add a “Do Not Sell My Personal Information” button that, if clicked, prohibits the site from sending data about the customer to any third parties, including advertisers.


A Guide to Ethical Hacking

The term “hacking” has a negative connotation for most, but the right kind of hacking can actually protect you. Here’s how.

Today I’m going to talk a little bit about ethical hacking to clear up some common misconceptions and share what the future holds within this industry.

Over the last two years, we’ve really focused on building up the side of our business where we go out and work with our clients and other organizations to do ethical hacking, or “white hacking,” a form of hacking that aims to shore up any vulnerabilities instead of trying to take advantage of someone.

Here’s an outline of the discussion, with timestamps so that you can skip ahead to the section(s) that interest you the most:

1:30 - The two types of hacking

2:45 - How we provide solutions to organizations through white hacking

3:57 - Three alternative software products that you can install on your servers to prevent hacking

4:35 - Why cloud computing increases the risk of being hacked and underscores the importance of having local data security

6:25 - An increasingly common practice from black hackers to watch out for

7:10 - Wrapping things up

If you have further questions about what I discussed in today’s video or anything else related to your IT security, don’t hesitate to reach out and give me a call or send me an email.

Zynga hack affected 170 million accounts!

A September password breach of online game company Zynga affected 170 million people, according to a new report from Have I Been Pwned. According to that site, the Zynga hack ranks 10th among its all-time largest hacks of user information.

Zynga admitted in September that “log-in information for certain players of certain Draw Something and Words With Friends” may have been accessed. Zynga contacted affected users at the time, but it has yet to confirm the size of the breach. According to the company, no financial information was accessed.

A Zynga spokesperson said on Thursday that the company would not be commenting beyond that September statement.

A hacker calling himself Gnosticplayers told The Hacker News in September that he had accessed users’ names, email addresses, login IDs, phone numbers, and passwords.

As of November, Zynga had 67 million monthly active users. The company reported third-quarter revenue of $345.3 million, a 48 percent year-over-year increase, on net income of $230 million. It has a market cap of $5.9 billion.


Best Gaming Laptop under $1000

NUMBER 1 GAMING LAPTOP 2019

The specs on this laptop are incredible considering its thin profile. With a large 17.3-inch screen, you are able to see the finer details of almost any game. It comes with an Intel Core i7-7700HQ processor (up to 3.8 GHz), 8 GB of DDR4 RAM and a 1 TB hybrid drive. Powered by a GeForce GTX 1050 GPU, it delivers 30 percent better performance than previous MSI gaming laptops, and MSI’s Cooler Boost technology with 6-7 heat pipes prevents throttling and overheating while maintaining full system performance. This laptop is hard to beat and is bound to produce a quality gaming experience.

Even though it has nothing to do with the laptop’s power, the MSI brings a SteelSeries gaming keyboard to the table as well. Designed for professional gamers, this keyboard comes with pure color backlighting, as well as anti-ghosting support for up to an amazing 45 keys. MSI also includes Nahimic 2 Audio Enhancement, which gives astounding 7.1 virtual surround sound and reduces external noise. You will never miss a beat with this 3D sound enhancement!

I Ditched Google for DuckDuckGo. Here’s Why You Should Too

It all started with a realization: most of the things I search for are easy to find. Did I really need the all-seeing, all-knowing algorithms of Google to assist me? Probably not. So I made a simple change: I opened up Firefox on my Android phone and switched Google search for DuckDuckGo. As a result, I’ve had a fairly tedious but important revelation: I search for really obvious stuff. Google’s own data backs this up. Its list of the most searched-for terms is basically a list of names and events; I don’t need to buy into Google’s leviathan network of privacy-invading trackers to find out what Black Panther is and when I can go and see it at my local cinema.

While I continue to use Google at work (more out of necessity, as my employer runs on G-Suite), on my phone I’m all about DuckDuckGo. I had, based on zero evidence, convinced myself that finding things on the internet was hard and, inevitably, involved a fair amount of tracking. After two years of not being tracked and targeted, I have slowly come to realize that this is nonsense.

DuckDuckGo works in broadly the same way as any other search engine, Google included. It combines data from hundreds of sources, including Wolfram Alpha, Wikipedia and Bing, with its own web crawler to surface the most relevant results. Google does exactly the same, albeit on a somewhat larger scale. The key difference: DuckDuckGo does not store IP addresses or user information.


Office 365 Accounts Targeted Using OAuth Apps – Phishing


A new and interesting phishing campaign has been discovered that doesn’t target a recipient’s username and password, but rather gains access to a recipient’s Office 365 account and its data through Microsoft’s OAuth 2.0 consent flow (Azure AD). Almost all of the Microsoft Office 365 phishing attacks we see are designed to steal a user’s login name and password by impersonating a Microsoft login page. In the campaign discovered by threat intelligence and mitigation firm PhishLabs, the attackers never ask for credentials at all; they register a malicious Office 365 OAuth app and trick the recipient into granting it access to the account. This is a new approach to taking control of a user’s account and contacts. It was also shown that over 40% of O365 users do not even have two-factor authentication in place for their email.

This attack method is unusual in that it is effectively malware targeting the victim’s Office 365 account rather than the victim’s computer. It is highly persistent, bypasses most traditional defensive measures (the user really does sign in at Microsoft, so there is no fake login page to block, and any MFA challenge is satisfied before the consent prompt ever appears), and it is difficult to detect and remove unless you know what you’re looking for. It is clever, extremely dangerous, and users need to be mindful moving forward. OAuth is an open authorization standard commonly used by security software, social sites and cloud services to let a third party access a user’s account and perform actions on their behalf without ever seeing the password. An OAuth app gains permission by displaying a “Permissions requested” dialog that lists the permissions (scopes) the third party is asking for, such as reading mail or contacts, and then asks the user to accept. If the user accepts, Microsoft issues the app an access token tied to that user (and, if the app asked for “offline_access”, a refresh token that keeps working after the browser is closed), which lets the app developer read the user’s data and use Office 365 services from their own servers and applications. The practical consequence for responders: because the consent grant is stored in the tenant rather than depending on the password, resetting the victim’s password does not by itself cut off the attacker. The malicious app’s permissions must be revoked (for example by removing the app under Enterprise applications in the Azure AD portal) and the user’s sessions revoked, and administrators can reduce exposure in advance by restricting user consent to apps from verified publishers or requiring admin consent.
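The following is an added example of how a defender might hunt for this kind of consent phishing; it is not code from PhishLabs or from this post. It does two things: it extracts the requested scopes from a consent link of the kind that would arrive in a phishing email, and it triages a batch of consent events for the combinations that matter (data scopes plus offline_access, unverified publisher, tenant-wide admin consent). The sample events are constructed, the app IDs are made up, and the record field names are modelled loosely on Azure AD “Consent to application” audit entries rather than taken from Microsoft’s schema.

```python
"""Triage Office 365 / Azure AD OAuth consent grants for consent phishing.

Added example, not part of the original post or the PhishLabs research.
The sample events are constructed; their field names are an assumption
modelled loosely on Azure AD "Consent to application" audit records.
"""
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Delegated Microsoft Graph permissions that let a third-party app read or send
# mail, enumerate contacts or files, or keep working after the browser closes.
RISKY_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Contacts.Read", "Contacts.ReadWrite",
    "Files.Read.All", "Files.ReadWrite.All",
    "offline_access",  # refresh token: access persists without the user present
}


def normalise_scope(scope: str) -> str:
    """Strip a resource prefix: 'https://graph.microsoft.com/Mail.Read' -> 'Mail.Read'."""
    return scope.rstrip("/").rsplit("/", 1)[-1]


def scopes_from_consent_url(url: str) -> set:
    """Extract the scopes requested by an /oauth2/v2.0/authorize link.

    When the link arrives in an email, the scope parameter tells you what the
    app would be granted before anyone clicks it.
    """
    query = parse_qs(urlsplit(url).query)
    raw = " ".join(query.get("scope", []))
    return {normalise_scope(s) for s in raw.split()}


@dataclass
class ConsentEvent:
    user: str                # who granted consent
    app_name: str            # display name shown in the "Permissions requested" dialog
    app_id: str              # client_id of the OAuth app (sample values are made up)
    publisher_verified: bool
    scopes: set
    consent_type: str        # "Principal" (this user only) or "AllPrincipals" (tenant-wide)


def assess(event: ConsentEvent):
    """Return (severity, reasons) for a suspicious grant, or None if benign."""
    risky = event.scopes & RISKY_SCOPES
    if not risky:
        return None
    severity = "medium"
    reasons = ["risky delegated permissions: " + ", ".join(sorted(risky))]
    if "offline_access" in risky and risky - {"offline_access"}:
        severity = "high"
        reasons.append("offline_access plus data scopes: persistent access via refresh token")
    if not event.publisher_verified:
        severity = "high"
        reasons.append("publisher is not verified")
    if event.consent_type == "AllPrincipals":
        severity = "critical"
        reasons.append("tenant-wide (admin) consent: every mailbox is exposed")
    return severity, reasons


def triage(events):
    """Filter consent events down to the ones worth an analyst's time."""
    findings = []
    for event in events:
        result = assess(event)
        if result is not None:
            findings.append((event.user, event.app_name, event.app_id, result[0], result[1]))
    return findings


# Constructed sample records (not real tenant data).
SAMPLE_EVENTS = [
    ConsentEvent("alice@example.com", "Teams Notifications",
                 "11111111-1111-1111-1111-111111111111", True,
                 {"openid", "profile", "User.Read"}, "Principal"),
    ConsentEvent("bob@example.com", "Office 365 Mail Backup",
                 "22222222-2222-2222-2222-222222222222", False,
                 {"openid", "offline_access", "Mail.Read", "Contacts.Read"}, "Principal"),
    ConsentEvent("admin@example.com", "Mail Archiver Pro",
                 "33333333-3333-3333-3333-333333333333", False,
                 {"openid", "Mail.ReadWrite"}, "AllPrincipals"),
]

if __name__ == "__main__":
    for user, app, app_id, severity, reasons in triage(SAMPLE_EVENTS):
        print(f"[{severity.upper()}] {user} consented to {app!r} ({app_id})")
        for reason in reasons:
            print("   -", reason)
```

Against the constructed events the first grant (a verified app asking only for sign-in and profile) is ignored, the second is flagged high because an unverified app combined Mail.Read and Contacts.Read with offline_access, and the third is flagged critical because it was admin consent for the whole tenant. In a real tenant the events would come from the Azure AD audit log or Microsoft Graph, and the remediation for a hit is to remove the app’s permission grant and revoke the user’s sessions, not merely to reset the password.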

Your Internet Provider Likely Juiced Its Official Speed Scores

AT&T Inc. was dismayed at its report card from a government test measuring internet speeds. So the telecom giant sought to change its grade.

The company pushed the Federal Communications Commission to omit unflattering data on its DSL internet service from the report, which assesses whether providers are delivering speeds they advertise. AT&T also didn’t provide information the FCC needed to validate speeds on those customers, the test officials confirmed.

In the end, the DSL data was left out of the report released late last year, to the chagrin of some agency officials. AT&T’s remaining speed tiers notched high marks.

The FCC’s nearly decade-old program, Measuring Broadband America, is the U.S. government’s gauge of whether home internet-service providers are holding up their end of the bargain when they promise users certain speeds.

Companies wield tremendous influence over the study and often employ tactics to boost their scores, according to interviews with more than two dozen industry executives, engineers and government officials. As a result, the FCC’s report likely gives consumers an unreliable measure of internet providers’ performances by overstating speeds.

“It’s hard to trust the numbers when you know” of efforts to massage the results, said veteran cable and telecom consultant Mark Lubow.

The stakes are high. Cable and phone companies often tout the scores while trying to sell packages promising ever-faster speeds at higher prices, and they are increasingly leaning on their broadband businesses to drive growth.


Chromebooks versus Windows laptops, Which should you buy?

A notebook PC powered by Microsoft Windows offers several advantages: Windows offers the most flexibility to run just about any app, as well as your choice of browser. You can tweak and configure your PC as you choose.

A Chromebook powered by Google’s Chrome OS is a simpler, more optimized affair, a locked-down PC that’s little more than the Chrome browser—but it can be hundreds of dollars cheaper than a comparable Windows PC, too.

There’s one more wrinkle: For years, there were Chromebooks and…not much else. Now there are Chrome OS-powered convertibles like the Chromebook Flip, as well as Chrome OS-powered tablets like the Google Pixel Slate. (Chromeboxes are a separate, niche class of standalone Chrome OS-powered boxes that lack a display.) Besides the obvious physical differences, a Chromebook is no different than a Chrome tablet.

Why Some Cities Are Banning Facial Recognition Technology

A handful of US cities have banned government use of facial recognition technology due to concerns over its accuracy and privacy. WIRED’s Tom Simonite talks with computer vision scientist and lawyer Gretchen Greene about the controversy surrounding the use of this technology.

Tom Simonite: Have you noticed that facial recognition is everywhere at the moment? It’s how we unlock our phones, tag people on Facebook, and at some US airports it’s being used to speed up the process of boarding an aircraft. But there are also concerns about this technology from lawmakers and civil rights groups. I’m here with Gretchen Greene, a computer vision expert and lawyer, who’s going to help us understand this technology. Thank you for joining us, Gretchen.

Gretchen Greene: Hi Tom, great to be here.

Tom Simonite: The uses that are really driving the public debate right now are around the government uses, and so we’ve seen that the city of San Francisco, where we are now, recently banned use of facial recognition by its agencies. Oakland, across the bay, did so too, and so did Somerville, Massachusetts. It’s very unusual for a government at any level to completely ban a technology. What’s driving this?

Gretchen Greene: Right, so one of the uses, or maybe the primary use that I think drives that, is law enforcement’s use, and so besides its borders, it’s also local government. You’ve seen it on TV episodes, where on crime shows they just sort of search, and it’s like, oh, that’s who that is. One of the issues is how that intersects with overall surveillance possibilities.

AMD plots multicore domination with 64-core Threadripper 3990X processor, coming in 2020

In October, AMD launched the Epyc 7H12, a 64-core behemoth designed to take down Intel’s Xeon in the server market. Now AMD has confirmed plans for an epyc…er, epic smackdown of Intel in the desktop PC with the 64-core Threadripper 3990X.

No, AMD’s 64-core Threadripper 3990X isn’t quite here, and boy, Intel should thank its lucky stars for that. After AMD’s 16-core Ryzen 9 3950X danced on Intel’s head by topping the Intel Core i9-9900KS in both single-core and multithreaded performance, the 32-core Threadripper 3970X just added insult to injury. And with the 64-core Threadripper 3990X on the horizon…wow. Wow. Hulk SMASH.

Granted, we don’t know everything about this new chip, including the key metric: the price. A four-digit price tag should be expected. But here’s what we do know about the 3990X:

It will have 64 cores and 128 threads.

It will have 288MB of total cache.

It will consume 280W, the same TDP as the current Threadripper 3970X.

You probably won’t be able to afford it: AMD’s 64-core monstrosity will almost certainly be priced well above the threshold of the average enthusiast.
