Tag Archives: News

Celebrity hacks – why do they continue?

This week we saw yet another hack of a top celebrity, this time the Twitter account of pop star Taylor Swift. The bad guys, whoever they are, hacked the account, sent out messages, distributed personal information and claim to have personal pictures.


It’s not uncommon for accounts to be hacked, especially when the security is reliant on just a password, but Twitter offers users much more than this.

Most online services today offer two factor authentication as an additional layer of security. The concept is very simple: to log in you need to have something and know something. The most common use of this authentication is your ATM card: you need the card and you need to know the number.

The same theory applies to online accounts. You enter your login and password, and then the service waits for you to type in a verification number that is automatically sent to your phone. The phone is something you have and the code is something you know. Of course, your phone is protected with a PIN, which adds yet another layer of security.

Video: What is Two Factor Authentication

Hacking a celebrity’s account would be difficult if they switched on this two factor authentication. Here lies the problem: celebrities may tweet some things themselves, but it’s likely that they have a team managing their social media accounts for them.

Having multiple people running an account prevents the use of two factor authentication, as the code can only be sent to one phone.

I am sure I just upset many celebrity fans who thought that celebrities actually managed their own social accounts.  The reality is that celebrities are busy people and social networks are marketing tools that their teams use to keep them in the news.

In the case of Taylor Swift, the hack may of course be more complex and someone could have cloned her phone. This would take effort, access to the device and would have put the hackers in a much riskier environment. I hope that they have secured the data and account and that the damage is limited as no one should be hacked. Having the right security settings is the best protection.

How to set up two factor authentication

  1. Log in to Twitter and go to settings. If you’re on a PC then this is entered by clicking on your picture in the top right corner.
  2. In the left hand menu select ‘Security and Privacy’
  3. There are a few options, SMS to a phone or using the app. Select the one of your choice.
  4. Scroll down and save the changes

I use the text-to-a-phone option, but either of the SMS or app options requires you and your phone to be together to access your account, so both offer effective protection.

Now that you have successfully enabled two factor authentication, your account should be a lot more secure.

Follow me on twitter @tonyatavg


Why you should celebrate Data Protection Day 2015

So what is Data Protection Day? It’s a holiday proclaimed by the Council of Europe on January 28, 2007. The goal is to raise awareness and promote privacy and data protection best practices.

It is globally celebrated and in the U.S. often referred to as Data Privacy and Protection Day, but it’s still a holiday! So tell your boss, and take a day to yourself. In the words of Madonna, rather the spirit, perhaps we should “Celebrate.”

If we took a data day, took some time to celebrate,
Just one data out of life
It would be, it would be so nice

Everybody spread the word… We’re gonna have a celebration
All across the world, In every nation

It’s time for the good data practices… Forget about the bad, oh yeah…
We need a holiday…


On this anniversary of Data Protection Day, the promise is matched only by the tension. In the past year, we’ve seen unprecedented data hacks, continued instances of government surveillance, and an ongoing tide of commercial data collection and use practices that don’t always bode well for consumers.


This is amplified by real concerns for people’s safety, life, and liberty. Criminal enterprises continue to engage in identity theft and financial fraud.  Terrorist attacks, like those recently in France, further fuel our fears and heighten the impulse to use more invasive state surveillance techniques.

Add to this the sea-change in the landscape created by mobile devices, which will look like nothing compared to the changes ushered in by the Internet of Things. We have more data, more collection points, more providers, more sensitive information, and growing commercial and state appetites to use the data that define our lives.

So why celebrate? Well, a set of forces seems to be converging that indicates a corresponding change in attitude to better protect consumers and change the pH of the ecosystem so it’s more habitable for businesses and users alike.

The FTC released a thoughtful report on IoT that gives us a framework to get ahead of the changes. President Obama recently proposed new cyber-security and data breach legislation that is promising, provided the voices of civil society advocates like CDT and the EFF remain engaged.

The EU continues to work on updating the data protection act to address both the technological and societal changes that have occurred since it was first drafted. More importantly though, the heat in this space has been turned up. There is more debate.  More industry leaders are devoting increasingly more mind share.  Notions of choice, transparency, control, and reasonable defaults – the very threads that weave the fabric of trust that we depend upon – are no longer dirty words.

While these may seem like concepts beyond your desktop, there is a lot each of us can do to take back some of our privacy. Today, I actively managed my privacy settings in iOS. I disabled location services for all those apps where it didn’t make sense.  Why for example do the camera or ADP (payroll) apps need to use my location in the background when I’m not using them? Something doesn’t seem right.


Some apps, I was pleasantly surprised to find, like Google Maps and ESPN’s SportsCenter, do give me the option to turn location services on only “while using.” This makes sense to me and is an example of privacy forward design that gives users better and more refined choices.  The fact that the interface exists at all is an example of transparency that didn’t exist in earlier versions of iOS, and a good sign that things are changing.

All this is to say – the tide is shifting. In this transition, there is more opportunity than we can imagine. We don’t believe that users have to trade privacy and security to benefit from the wealth of data-enabled services available now and soon to come.

Today there is growing interest in shaping a future that is more people-centric than device-centric, and that properly reflects the human rights that we expect. I am optimistic that there is more future than there is past. That’s something to celebrate.

Will 2015 be the biggest yet for Cybersecurity?

President Obama’s recently announced comprehensive new cybersecurity proposal for the U.S., highlighted in his State of the Union address (you can see a full transcript of this address here), puts the issue of cybersecurity where it should be: front and center.

The high-profile cyber-attacks and hacks of the past year have drawn a mainstream spotlight to cybersecurity. As the President emphasized in his address: “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids.”

What are my thoughts? I think this is a real, actionable step in the right direction to increase the war on cyber-attacks and protect consumers and businesses.

The new Presidential cybersecurity proposal, officially announced on December 19 at the National Cybersecurity and Communications Integration Center, aims to move to quicker and more active security breach and threat reporting.


According to the White House announcement, the proposal would create a more proactive environment for companies and organizations in the private sector to share security breaches with the government. The proposal, for example, would criminalize the sale of stolen financial data, and mandate that companies notify consumers about data breaches, as well as protect companies from liability.

As stated by the White House, “Specifically, the proposal encourages the private sector to share appropriate cyber threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC), which will then share it in as close to real-time as practicable with relevant federal agencies and with private sector-developed and operated Information.”

Information sharing provides a way to get a real-time response to these breaches. But it’s the old left-hand, right-hand problem.  Information sharing would speed up an organized response to a data breach or cyber-threat and allow a concerted response. But there remain legitimate concerns in many camps about the information shared.

This proposal seems to be well crafted in that it recognizes a general apprehension of handing over information to the government, a genuine concern (even an obsession) for many. The plan seeks to mollify privacy concerns by requiring participating companies to comply with a set of restrictions, such as removing “unnecessary personal information” and to protect personal information that has been shared.

A national standard in the United States for reporting breaches has been a long time coming. If you’re a company that has been hacked, your obligations are different in different states. If your information has been hacked, a company’s obligation to report it to you currently depends on the regulations of the state you reside in, which simply doesn’t make sense. If you’ve been hacked by someone from Russia, for example, does it matter whether you live in Connecticut or Texas? The problem is a global one, but a national plan is a great move.

The new cybersecurity proposal has critics and supporters lining up in debate.  And the prospect is real that this cybersecurity plan like previous proposals could become stalled in Congress.


We all need to focus on the idea that cybersecurity is not just reactive, but needs to be proactive – in preventing and detecting cyber crime. The President’s proposal is a step along that path.

I’m looking forward to a next step and results of the newly announced Summit on Cybersecurity and Consumer Protection at Stanford on February 13, 2015 which will convene a wide variety of groups for industry, private and public – to help shape public and private sector efforts to protect consumers and companies from growing network threats.

The good news is that momentum for cybersecurity is building. If we can get business, government, and the security industry in this country working from the same digital page, the benefits could be tremendous.

It’s a critical and very exciting time to be in digital security.

What can you do to mark Safer Internet Day?

Safer Internet Day is fast approaching on February 10, and now is a great time to think about what we can all do to help make the Internet a safer place for everyone, especially children or those just coming online.

I am pleased to announce that AVG is a registered supporter of Safer Internet Day and that this year we will be working with the Anti Bullying Alliance in the UK to create valuable resources for young people and parents.


The Internet is an incredible tool and every one of us uses it in our own way. It is important to think about small steps that you can take to make the Internet a safer place for yourself, your friends and family.

These days, being safe online doesn’t just mean on your computer. Mobile browsing and gaming is more popular than ever and with micropayments available at the click of a button, staying safe on your mobile is a must.

Here are some great tips on how to stay safe on your Android device.

Video: Mobile Safety Tips

Get Involved

Whether you run a business or just use Facebook, Safer Internet Day is about working together to create a more secure, harmonious web for us all to enjoy.

The Safer Internet Day website has several resources that can help you get started if you are thinking of getting involved.

Here are a few ways I plan to mark Safer Internet Day 2015:

  • Social sharing spring clean: A quick double check to make sure I’m only sharing with people that I want to.
  • Two Factor Authentication: Enabling this on my email and banking will help make sure my online accounts are as safe as they can be.
  • Set a passcode on my tablet: Protecting your online world starts with the devices and setting a passcode will help keep my devices and data safe.


At the very least, I would recommend taking the Safer Internet quiz, which has loads of great tips on staying safe online.

The future of smart glasses still looks bright

At the 2015 Consumer Electronics Show earlier in January, wearable digital technology was the darling of the show.

While most of the buzz was around smart watches, Google Glass remained a status symbol worn by some geeks attending the show.  The yet-young “smart glasses” scene even boasted new entrants by major players like Sony and Epson.

So, it was surprising to some, when Google announced last week that as of Monday January 19th 2015, it was halting sales of its glasses and going back to the drawing board. Perhaps not so surprising to anyone outside the bubble of CES.

The consumer product media had ridiculed the glasses and its adopters for everything from how the device looks, to potential privacy infringements.

Google announced that Tony Fadell, the father of the iPod while at Apple and the CEO of smart-home device maker Nest Labs, which Google acquired last year, would undertake the Glass re-boot.


Under Fadell’s expert hand, the product’s redesign should help Google Glass, though concerns about the smart glasses concept remain. I recently wrote about wearable devices and adoption, and privacy issues, particularly in the workplace. The focus of that piece was a potential ban on smart glasses and what companies need to do to prepare for the Wear Your Own Device (WYOD) trend. For now, it looks like the negatives outweighed the benefits, on the consumer side at least.

However, I believe that the smart glasses concept has great potential in other areas, one of which is healthcare. Boston’s Beth Israel Deaconess Medical Center is a prime example of how smart glasses can assist medical staff. It has developed a system that allows an ER doctor to look up information on patients by using Google Glass to scan a Quick Response (QR) code on the wall of each room. It’s a great project and you can read a doctor’s blog about it here.

More recently, smart glasses for healthcare applications got another boost in the form of Augmedix, a startup with the aim of providing medical professionals with a Glass-powered records management solution.


Enabled by Google Glass, Augmedix expedites the time physicians spend daily entering or retrieving data from electronic health records, allowing them to focus on patient care. According to the company, first launched in 2012, the service has a nationwide patient acceptance rating of more than 99 percent. The company’s CEO reports to Forbes that the Glass reboot is not cause for concern, as Google will continue to supply Glass to enterprise customers.

According to Forbes, Augmedix was one of ten companies Google lists as certified Glass at Work partners, focused on Glass-based enterprise services. More than half of them list healthcare as a major focus.

Of course, privacy issues will be consummately important for smart glasses in healthcare scenarios – as patient privacy is rigorously protected by the Health Insurance Portability and Accountability Act (HIPAA) and vigilance is of critical importance to all of us.

It’s not just about healthcare though, I think the smart glasses category has a lot to offer many fields that need quick and hands-free information, including things like rescue operations and engineering on a drilling platform.

So, where are digital glasses going? Suffice it to say, for now, it looks like away from the consumer market and into business ones.


WhatsApp blocks WhatsApp Plus users

“You’re temporarily banned from WhatsApp because you may have violated our terms of service. You’ll be able to use WhatsApp again in:” Maybe this text sounds familiar to you…

WhatsApp has blocked the accounts of all WhatsApp Plus users. The reason? It cannot guarantee the security of the service.

The block will last 24 hours and WhatsApp explains it as follows:


WhatsApp Plus is an Android app developed by a Spanish programmer, based on WhatsApp but unofficial and unauthorized by it. It allows users to access WhatsApp and customize the look, use other emoticons, send songs…

However, WhatsApp warned that using unauthorized apps was a violation of its Terms of Service and that those who use them would be banned, and that is what has happened.

The post WhatsApp blocks WhatsApp Plus users appeared first on MediaCenter Panda Security.

Terror on the streets leads to terror in cyberspace

Earlier this January, the Charlie Hebdo attacks in Paris shocked millions across the globe. News channels brought us almost 24 hour coverage of events and are still analyzing the effects, some weeks later.

However, there’s more to the aftermath than first meets the eye. France has received a massive spike in detected cyber-attacks, reporting over 19,000 attacks since events unfolded in the capital.

Such cyber-terrorism represents an often ‘hidden’ side to politically motivated conflict, and it is neither new nor unique.

For many years, we have witnessed a close correlation between tensions in the Middle East and the number of cyber-attacks detected in conflict zones.

Political conflicts between Turkey, Syria, Lebanon, Israel, Egypt and Palestine regularly trigger waves of cyber-attacks such as website defacements and Distributed Denial of Service (DDoS) attacks.


Here are just a few examples of this cyber-terrorism:

Just as street-level conflict can be a way to express opinion and get your voice heard, for others, cyber-attacks are the most powerful protest tool available.

In my experience, these attacks are usually unsophisticated and are not motivated by theft of data or money. Instead, they are brought about simply by an individual or group’s need to voice their opinions.

So as Europe experiences a wave of terror attacks, what can it learn from the Middle East and its longstanding tensions?

For one, there is a very real correlation between civil conflicts and attacks in cyberspace, although thankfully not vice versa.

Second, consumers and businesses should make sure they protect themselves in cyberspace once terror or political conflicts hit the streets.

Visit our AVG Academy on YouTube for helpful tips on protecting yourself online.

The web gets ready for voice recognition

News broke earlier in January that Facebook has acquired Wit.ai, an 18 month old startup that specializes in voice recognition technology. At first, this might seem like a strange move but upon closer inspection, the rationale is clear.

Millions of users are turning to mobile as their preferred platform, where typing long messages and interacting with friends is far more challenging than on a PC keyboard.

It’s clear that companies like Facebook face a challenge to make mobile interaction easier and more engaging.

Using Wit.ai’s expertise, Facebook can build a mobile-first platform, with a voice-activated interface and text-to-speech messaging as some obvious steps.

The Facebook acquisition highlights the excitement and potential behind voice recognition technology. We are potentially witnessing a fundamental shift in the way we interact with our technology forever.

As we start integrating voice activated functionality into new smart devices and services we use on a daily basis, my primary concern isn’t one of convenience but of security.

As I wrote in this blog in September 2014, there is much work to be done in securing our digital devices from voice commands.

Most voice recognition technologies scan commands for meaning and then execute them. I believe there is a need for an additional step, one of authentication.

Does the person issuing the command have the authority to do so? When I ask the device to execute a command, does it validate that it is really me and not someone else?

As I demonstrate in the video below, it is quite simple to have a device act upon a voice command issued by a synthetic voice or by a 3rd party that has access to the device – even remotely:

Video: Voice hacking a device

As Facebook and other leading companies add more voice activation technologies to their roadmap, it’s important to realize that we are also increasing the number of services and devices that are potentially vulnerable to voice attacks. So, considering this, let’s build it with safety in mind.

Thoughts from CES: The physical world is becoming digital

As a long-time attendee of CES, I tend to look forward to it with both excitement and trepidation. As it gets bigger each year, it steadily becomes busier and more difficult to physically get around and take it all in.

This year, I walked away from the show thinking we finally have reached a point where smart digital tech doesn’t just sit within a specific market or category any more. Instead, it’s finally become ubiquitous and is now being embedded throughout our everyday lives.  It was evident at the show that we are truly in the “smart” and “Internet of Things” era.


Shawn DuBravac, chief economist for the Consumer Electronics Association (CEA), identified this phenomenon as the “digitization of physical space”, “permeation of logic” and the “Internet of Me”.

Regardless of what you call it, CES 2015 showed me that innovation in connected technology is now everywhere – from baby pacifiers to dog bowls, home appliances to, of course, the self-driving car.

As always, we must remember that, as fascinating as they are, many of the products at CES are in the prototype phase – and many will never reach the wider market. But nonetheless, it’s always interesting to observe and try to gauge what we may have in store a few years down the line.

This year I was fortunate enough to also be exhibiting at CES as part of the Lifelong Tech and Family Tech Summits. AVG exhibited many of our family-focused products (including our Location Labs, Privacy Fix, and Zen products) in the Sands Expo Hall.

We were surrounded by all things smart and wearable for health, fitness, education and families. It was a fascinating and highly trafficked place to be where the digitization of everything and the Internet of Things was on display in full force.

Where it will all go from here in the year ahead will be, no doubt, rooted in practicality. For example, let’s take that baby pacifier I mentioned.

The Pacif-i, a “smart” baby pacifier designed by U.K.-based Blue Maestro, was a big hit. This product connects to parents’ smartphones via Bluetooth, and alerts them to situations such as when their baby is running a fever. In this instance, smart devices are creating very useful and valuable information to help parents.

Then at the other end of the spectrum were many fun, novelty and me-too items (names I’ll withhold) whose value will need to be proven…

It’s an exciting new world that we’re embarking upon. But it also reminds us that our privacy and security is increasingly paramount. That’s why we at AVG are continually looking at the trends and what we can do to help you guard and defend your data, devices and “digital” selves.



Who are the Guardians of Peace? A new hacker group is on the loose

Are you familiar with the name ‘Guardians of Peace’? This is a new hacker group that has been gaining notoriety over the last few weeks.

Everything began when the hacking group sent Sony a disturbing message threatening the company with leaking large amounts of confidential data unless a series of requests were met.


Shortly after this, the Guardians of Peace started publishing all sorts of documents, files and confidential data belonging to Sony. Unreleased movies, information about executive salaries, emails from the company’s lawyers, employee workplace complaints, movie scripts and even the phone numbers of Hollywood celebrities were among the nearly 100 terabytes of data stolen by the hacker collective through a piece of malware called Destover.

The mystery has since grown larger…  Who is behind the Sony attack? Who are the so-called Guardians of Peace and what’s their reason for attacking Sony?

North Korea, prime suspect of the attack

US authorities believe the attacks originated from North Korea. One of the group’s demands was the cancellation of the planned release of the film ‘The Interview’, a comedy about a plot to assassinate North Korean leader Kim Jong-un.

However, North Korea has repeatedly denied any involvement in the hack attack, and the Guardians of Peace have posted new messages mocking the FBI’s investigation.

Various theories are emerging surrounding the attack. Although North Korea is still the prime suspect, there is also speculation linking the attack to a possible Sony insider, a group of disgruntled former employees or even a marketing campaign orchestrated by Sony itself to promote ‘The Interview’.

Some theories even claim that this is nothing but a campaign designed by the US government to find itself a new enemy and thus justify the mass spy operations carried out through agencies such as the NSA.

Incidents like this, combined with the alleged hack of the PlayStation and Xbox online services during Christmas, and the constant rumors of Internet leaks, certainly make you wonder if we are not really in the middle of a cyber-war between powers…

Despite the mystery surrounding the attack, the truth is that Sony decided to cancel the premiere of ‘The Interview’ for security reasons (after receiving threats against the company’s employees and their families), and the cyber-attacks have exposed the frailties of the security measures implemented by one of the largest entertainment companies in the world.

The post Who are the Guardians of Peace? A new hacker group is on the loose appeared first on MediaCenter Panda Security.