Tag Archives: Facebook

EFF Privacy Report 2015: Which Companies Have Your Back?

On Wednesday the EFF published their yearly report called “Who Has Your Back? 2015: Protecting Your Data From Government Requests”. It answers important questions like which companies follow industry-accepted best practices, tell their users about government data demands, disclose policies on data retention or government content removal requests, and oppose backdoors.

For the EFF report, 24 companies were evaluated and awarded (or not awarded, depending on the outcome) stars in the five categories mentioned above. Nine companies managed to get stars in all of them: Adobe, Apple, CREDO, Dropbox, Sonic, Wickr, Wikimedia, WordPress.com, and Yahoo.

Facebook and Twitter received four out of five stars, with Facebook “not providing transparency into ways it cooperates with the U.S. government to block content and remove accounts” and Twitter “not providing notice after an emergency has ended or a gag has been lifted”.

The worst rating, with only one star, went to WhatsApp, which at least opposes backdoors but seems lacking in all other privacy respects. The EFF recommends that WhatsApp “publicly require a warrant before turning over user content, publish a law enforcement guide and transparency report, have a stronger policy of informing users of government requests, and disclose its data retention policies.”

Take a look at the full report to find out more.

 

The post EFF Privacy Report 2015: Which Companies Have Your Back? appeared first on Avira Blog.

The Dawn of Privacy-Driven Social Networks

As Avira focuses on privacy and security issues, and social networks now play a major role in people’s lives, CNET journalist Laura Hautala caught my attention yesterday with her article “Non-creepy social networks make it to your smartphone” (CNET, 15 June 2015).

Partly in response to outrage (in the wake of Edward Snowden’s disclosures) over government surveillance abuses and companies selling personal data from their customers to the highest bidders, a few companies are now attempting to disrupt the dominant paradigm – i.e. to provide private, encrypted alternatives to Facebook and other networks that the public perceives as being more concerned about profit than the privacy of their customers.

Meet the innovative Minds

Manhattan-based Minds, which has run an alternative social media website for two years, just launched a lightweight social-network app for mobile (for Android and iOS) that encrypts all communications – so they are secure and anonymous (able to be read only by the intended recipient). According to the company, Minds is the first social network with an encrypted app and it’s all based on open-source code to ensure that any attempts to read what shouldn’t be read will be transparent to developers.

According to Co-Founder and CEO Bill Ottman, the app launched this week with a two-year base of 30,000 people already using its social website. As Hautala points out, it’s not a number that will cause Facebook any pain (with its near 1.4 billion users), but the IT world can and often does change rapidly.

In addition to encryption of the data going through the app, Minds collects none of its customers’ data. So even if intelligence agencies demand users’ data, the company has nothing to give them.

As for earning revenue, Minds plans to give up traditional ad sales (which it has used on its website version) and instead offer ‘VIP services’ for points, which can be either purchased outright or earned free via interaction. Such services include being able to expand the reach of your content beyond your personal connections.

Others en route

With a focus on similar principles – namely, data privacy, anonymity, and seeing customers as more than just numbers – the Vermont-based social network Ello also plans to launch a mobile app for iOS, Android, and Windows devices. More will come.

While I have personally suggested to friends and colleagues that ‘privacy’ may have been a short-lived concept in human history (and is in fact already gone from our lives in the way our grandparents knew it), it seems that companies led by freedom-loving people continue to rise up against privacy’s seemingly increasing absence.

While writing this, I downloaded the iOS version of the Minds app myself. I’ll activate an account later today and, if I find it to be a promising social experience, maybe I’ll see you there.

The post The Dawn of Privacy-Driven Social Networks appeared first on Avira Blog.

Facebook shields your messages: even the notification email will be encrypted


If we were not aware of the eyes that watch over us on the Internet, Edward Snowden confirmed two years ago that American authorities monitor all our conversations. The former contractor at the NSA revealed that agents of the intelligence services roam freely in our private inboxes.

After that, many technology companies reassured their users and took some action, but there is still work to do to ensure the total security of conversations. One of the companies that seems ready to settle any suspicion about a possible intrusion is Facebook. Its latest actions suggest that Mark Zuckerberg’s team wants to make it even more difficult for those who intend to snoop around other people’s conversations.

All of the users’ connections to Facebook’s servers, including sent and received messages, are already transmitted via the secure HTTPS protocol. As if this weren’t enough, the social network has also launched a Tor network service to reassure its most demanding users with respect to privacy.

However, besides the connections that users establish through the service itself, there are other communications which are made via Facebook indirectly, via email. They are the notifications that you receive, for example, when a friend sends you a direct message (unless you have disabled this service).

Since the safety of these messages was not so assured, Facebook has announced that, from now on, all users – if they so decide – may receive them protected by the popular encryption system Pretty Good Privacy (PGP). PGP hides the emails from potential intruders with a system based on a public key (which the sender must have) and a private key (which only the receiver has).

The setup process is simple:

  • Access your profile
  • Click on the ‘Information’ section
  • Go to ‘Basic and contact information’. From now on you can also enter your PGP public key here (if you don’t know what it is or how to get it, the best thing you can do is to read a tutorial), which will be displayed in your profile, available to anyone who wants to send you an encrypted email.

Below the panel you will see a box that you have to tick if you want all the notifications that Facebook sends you from now on to incorporate this security layer as well.


So whenever the encryption is used, it is very important to remember the code you established to protect your email with PGP. If one day you forget it, you won’t be able to read the notifications from Facebook, and you could lose your account on the social network.

How could it come to that? Imagine that you had to use, for any reason, the typical Facebook password recovery email: the email would arrive encrypted, and you would only be able to read it and restore the ‘password’ if you can decode it. If you have forgotten your PGP private key in addition to your Facebook password, then you have a problem.

But don’t worry: it gets worse for the cybercriminal who tries to assault your account using the password recovery procedure. This trick will never be useful again. If he doesn’t have the PGP private key that decodes the emails you receive, he will not be able to restore the password, even if he has access to the email from Facebook, because it will be encrypted.

It is a great security measure, without a doubt, which Facebook has just implemented. Now we will just have to wait to see if Zuckerberg’s network is an exception or other social networks decide to make a commitment to the safety of their users.

The post Facebook shields your messages: even the notification email will be encrypted appeared first on MediaCenter Panda Security.

Alton Towers Facebook Scam

Following an accident at Alton Towers, a theme and water park in the United Kingdom, a Facebook scam has emerged that purports to show video footage of the accident. Beware: this is a scam, which we shall now dissect for you.

Step 1: The hook


This teaser Facebook post is supposedly taken from the accident (it is not). If you click on it with the (macabre) hope of seeing a video of the crash, you will be taken to a website that has been designed to look just like YouTube.

Step 2: The fake look-alike


Once on that page, you will be asked to post a link to the video on your Facebook timeline…

Step 3: The redirect

Once you agree to post the video to Facebook, you will be redirected to another website, where you will be told that to finally see that video, you need to download a video player update…


The downloaded file contains adware that displays advertisements and collects information about your browsing habits. The crooks almost certainly make money by getting a percentage of all sales on the third-party ads you will be seeing in your browser.

If you see this Alton Towers scam on Facebook, avoid it. If you click on a post that tells you to download a plugin or update to watch the video, exit the page immediately. And for additional security, use Avira Free Antivirus, which blocks adware.

The post Alton Towers Facebook Scam appeared first on Avira Blog.

Facebook Is Getting More Secure Thanks to OpenPGP

In order to achieve this goal Facebook just announced in a blog post that it is now offering you the ability to encrypt e-mails via OpenPGP, an email encryption system.

“To enhance the privacy of this email content, today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to “end-to-end” encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications”, says Facebook.

So basically the social network will allow you to give it your public key so that mails you might receive from Facebook (for example password resets) will be encrypted. You can also enable encrypted notifications: Facebook will then sign outbound messages using your key so that you can be sure the emails are genuine.

The encryption system Facebook is using is OpenPGP where the PGP stands for “Pretty Good Privacy”. It’s one of the most popular standards when it comes to protecting email and should really serve its purpose well. Read this article if you want to find out more about Public Key Cryptography and PGP – it really will make the whole technique easier to understand.

The post Facebook Is Getting More Secure Thanks to OpenPGP appeared first on Avira Blog.

Scamware or why you shouldn’t believe in miracles

We normally make fun of this, or just totally ignore it. We know that it probably is a scam. So, if we don’t believe those ads, why do we believe in some apps? Apps that advertise things like:

  1. Get free stuff in our shop through your favorite social network with the ‘Just click and win’!
  2. Fix your computer; increase your RAM and hard disk space all in one click with ‘Ultra Optimizer Plus’!
  3. Install this app on your phone to get ‘Sexy videos on your phone for free 😉😉 ‘!
  4. Buy the NEW SUPER SHINY (not official) Video ‘Not-Fake Player’!

Nowadays social networks appear to be the best places to find victims for scams. Who hasn’t seen offers like “Like and share to win an iPhone”, “See the leaked video of the last Pop Star”, “New Facebook features!” and so on, on Facebook? These are – of course – usually tricks to make you fall for a scam.

Facecrooks has a huge list of Facebook-related scams. Below are just two of the countless examples:

Free iPhones: Like the Facebook page and share the picture. It is easy to win a phone, right? Wrong. There is no iPhone, and you will be spammed from this page (pages can be sold as advertising spaces) because you gave them a like.

Profile viewer: Don’t you want to know if the girl from school or the boy from work is seeing your pictures? Better ask them, because these kinds of plugins/features/apps don’t work. Normally behind these links you will find some PUA or adware ready to be downloaded and installed on your computer.


Then there are applications that can improve the performance of your computer. We offer you Avira System Speedup. This program can defragment your hard drive or delete useless folders and registry entries. It works perfectly well and WILL speed up your PC – to some degree. But there is just no application that will perform wonders on your PC. If it is 8 years old and slow, it will just never feel like a newer machine with more RAM and a better CPU despite your efforts and you paying €50 to improve it with a random program that promises you just that. Those scam apps, apart from not fixing your computer, also create errors or problems that didn’t exist before, in order to make you pay even more money for fixes you would not have needed in the first place.

Optimizer Pro (another real-world example) could be classified as scareware as well; it tells us that the computer needs fixes for things that are, in fact, working correctly. It uses our fear to get us to pay for the product.

Scams are not getting old. They are also very present on our smartphones. Do you want an app that does things for free where others charge money? It is possible, but be careful. With these applications you will usually be walking on thin ice.

Porn app for Android, for example, is an app that allows users to watch porn videos for free. Just accept the conditions, give them permissions and run the app as soon as you can! Ooops! Did you think ransomware was only affecting your PC? Now you also have your phone blocked.

When you want to get an application, try to download it from the original source if possible. Also check different sites first, since lots of applications are actually free.

Even on a well-known and trusted site like Amazon it is easy to find scams involving original software. VLC is a popular video player which can be downloaded for free – but believe it or not, there are actually people trying to sell it to you to make some quick bucks.

If you don’t trust the source, or if it looks just a tiny bit suspicious, turn around and run as fast as you can. Regarding scam applications: if you are looking for something specific, first check other users’ opinions and look for more information, compare it with other products, and if you are still not sure, just leave it be.

In conclusion, scamware is a waste of time and money and never does the things you were promised it would do. So don’t believe in these false promises of “eternal life potion”, “Ferraris for free” or “1 click super computer”.


The post Scamware or why you shouldn’t believe in miracles appeared first on Avira Blog.

Some GTA V Mods Serve You Malware

What it’s all about

aboutseven, a newly registered member on the GTA forums, was the first one to notice that all was not well with the processes running on his computer. “I came across something pretty startling today after reviewing my processes that were running on my computer. I tend to do this a lot out of paranoia, just checking that I don’t have stuff running in the background that I don’t want running, or if I ever possibly run into something that is out of the ordinary that could possibly be malware. I happened to notice that the Windows C# compiler was running in the background as csc.exe”, he wrote in his post.

After looking into it some more he dredged up a file called Fade.exe, which hijacked a part of the registry in order to be launched at boot. Some more testing revealed that a GTA mod named Angry Planes was responsible for the malware landing on his system. Since the discovery, other players have claimed that they are finding similar harmful files in other mods as well, such as No Clip.

What it does

So, why exactly is Fade.exe such a problem? To answer the question, let’s just take a look at the modules that are loaded with the mod, according to another forum user named ckck:

  • “Facebook spam/credential stealing module
  • Twitch spam/credential stealing module
  • com spam/credential stealing module
  • A Steam spamming module
  • A Steam module that evaluates the items in your inventory and their value based on current market value
  • A Keylogger module that logs individual button presses in an XML like format, it also includes information about context switches (switching from one app/window to another)
  • A UDP flooding module
  • I hadn’t deciphered and didn’t see in action.”

What you can do

In case you have one of the mods installed, make sure to scan your computer with your AV and remove the malicious files. Keeping in mind that Fade.exe also sniffs around your Facebook, Steam, and Twitch accounts, make sure to change all your passwords as well.

The post Some GTA V Mods Serve You Malware appeared first on Avira Blog.