Recent Popular Aged Face APP on Facebook Has Serious Privacy Issues

If you spend any time at all on social media, you’ve probably seen the latest craze: people posting photos of themselves aged so they look like they’re in their sixties, seventies, or even older. FaceApp, the program behind the face-aging magic, has actually been available for a few years, but it has only recently gained the attention of the masses, suddenly and inexplicably going viral after a quiet existence early on.

Unfortunately, one feature of the app, paired with the company’s expansive terms of service, could make a number of users uncomfortable.

Let’s start with the company’s terms of service, which read, in part, as follows:

“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.  When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your Username, location or profile photo) will be visible to the public.”

That’s quite a mouthful, but think for a moment about the scope and scale of the permission you’re granting this company in exchange for using its app.

Now pair that with the fact that when you tap a photograph in the app and instruct it to age you, it uploads a copy of your photo to servers located in Russia.  Also note that it doesn’t ask your permission to do this or inform you of it; it just happens in the background.

According to a company spokesperson, the purpose of this functionality is to enhance and improve the speed of the image transformation in-app, relying in part on AI algorithms on the company’s servers.

It’s a (barely) plausible explanation, but think about those two things taken together and ask yourself whether you’re really 100% comfortable giving that level of control to a company. Is it worth what you’re getting in return: a few chuckles of appreciation at your magically aged photograph?

Most people aren’t comfortable with that, but sadly, most people don’t read TOS agreements closely before agreeing to their terms.  If you’re one of the legions of recent fans of FaceApp, keep the details above in mind and discontinue using the application right away.

Instagram User Information May Have Been Available To Hackers

Do you have an Instagram account?

If so, be advised that David Stier (a business consultant and researcher for CNET) has recently discovered a flaw in Instagram’s website that exposed thousands of users’ email addresses and phone numbers for a period of more than a month.

Mr. Stier provided screenshots and other details to Instagram demonstrating that when the source code for some users’ profiles was displayed in a web browser, supposedly confidential information was plainly visible.

The exposed information ran the gamut and included the contact and personal information of individual adult users, some businesses, and an unknown number of minors.  The company responded promptly and issued a patch that corrected the problem not long after they were made aware, but at this point, the damage may have already been done.

From a user’s perspective, the best thing you can do is change your Instagram password immediately and stay alert: if a hacker made a copy of the information, you may be on the receiving end of phishing emails in the months ahead, sent in a bid to collect even more information from you.

At this point, it is unknown whether any group or individual other than Mr. Stier found and made use of the exposed information. Instagram faced a similar issue several months ago, in which the company improperly protected a database containing the contact information of millions of their users, including several influencers and celebrities.  This database was initially uploaded and shared by a Mumbai-based marketing firm called Chtrbox, and the information it contained is unquestionably in the wild at this point.

Instagram’s parent company, Facebook, issued a brief statement to the effect that they were working with Chtrbox to understand exactly how the firm came to possess the data and how it became publicly available.  At this time, however, no additional information is available.

Email Providers Found To Have Signature Vulnerabilities

A team of security researchers has uncovered a serious flaw in several major email clients that you need to be aware of.

The flaw allows hackers to fake verified signatures, which gives their phishing and other email-based attacks the appearance of legitimacy.

According to research conducted by the team, the following email clients are vulnerable to this exploit:

  • Thunderbird
  • Apple Mail with GPGTools
  • iOS Mail
  • Microsoft Outlook
  • Mailpile
  • Roundcube
  • K-9 Mail
  • Airmail
  • MailMate
  • Evolution
  • KMail
  • GpgOL

What The Risks Are

Ostensibly, an email signature is supposed to provide end-to-end authenticity, legitimacy, and integrity.  When you receive an email containing a verified signature, it’s a sign that it’s from a safe, trusted source. Unfortunately, now that several of the largest and most widely used email clients have been found to be vulnerable to signature spoofing attacks, that’s out the window.  If you’ve been in the habit of scanning for a verified signature and then, upon finding one, assuming the email is safe, it’s simply no longer safe to do that.

The research team described their work, in part, as follows:

“In our scenario, we assume two trustworthy communication partners, Alice and Bob, who have securely exchanged their public PGP keys or S/MIME certificates.  The goal of our attacker Eve is to create and send an email with arbitrary content to Bob, whose email client falsely indicates that the email has been digitally signed by Alice.

Our attack model does not include any form of social engineering.  The user opens and reads received emails as always, so awareness training does not help to mitigate the attacks.”

That’s dark news indeed, and a raft of CVEs has been opened to track and fix the vulnerabilities that make this type of signature spoofing possible. However, there are no easy fixes here, and there’s no timetable at this point from any of these email providers on when, or if, the issues will be resolved.

Twitter Will Soon Release New Features With Update

Twitter recently announced the addition of a new “Hide Replies” feature, which will give the platform’s users a bit more control over conversations that stem from the tweets they make.

Twitter Senior Product Manager Michelle Yasmeen Haq had this to say about the new addition:

“With this feature, the person who started a conversation could choose to hide replies to their tweets.  The hidden replies would be viewable by others through a menu option.  We think the transparency of the hidden replies would allow the community to notice and call out situations where people use the feature to hide content they disagree with.”

This is the latest in an ongoing series of moves designed to improve the platform and help separate legitimate content from fake, spammy, scammy or abusive content.

According to a recently posted announcement, some of the changes ahead include:

  • An update to the company’s Terms of Service in a bid to simplify them.
  • The addition of more notices within the Twitter system itself to provide clarity and context, important in cases where a Tweet breaks certain rules but remains on the system because the content is in the public interest.
  • Streamlining the process of reporting to make it less burdensome for users who are reporting abusive Tweets to system administrators.
  • Further improvements and refinements to Twitter’s processes relating to content review, with an eye toward positioning the company to respond more quickly when abusive behavior is reported.

In recent years, Twitter has struggled against an onslaught of fake accounts used to spread a variety of wildly inaccurate information, and the company has been working hard to counter the threat.  They’ve been making progress, but clearly there’s still more work to be done.  The steps above are widely considered a powerful step in the right direction, although few are convinced that those things alone will be enough.

Issue With Internet Explorer Could Affect Most PC Users

Are you still surfing the web with Internet Explorer?  If so, you’re not alone.  Four years after Microsoft announced Edge as its successor, the company’s old browser still has a few stubborn holdouts who continue to use it for various reasons.

Unfortunately, security experts keep finding critical security flaws in the code that make it something of a ticking time bomb.

The most recent of these was unearthed by an independent researcher named John Page. He published a proof of concept that demonstrates a flaw in the way the old browser handles MHT files, which are used by Internet Explorer for archival purposes.

If any computer running Windows 7, Windows 10, or Windows Server 2012 encounters an MHT file, it will attempt to open it using Internet Explorer.  This fact represents a tremendous opportunity for a savvy hacker.  All he has to do is present a specially crafted MHT file containing malicious code to a user and apply a bit of social engineering to get that user to open it.  Using history as a guide, convincing users to open files from untrusted sources is not especially difficult.

Even if you don’t currently use Internet Explorer, your system is still very much at risk from this type of attack, because IE 11 still ships with every Windows-based PC, including the latest Windows 10 machines.  The only potential saving grace here is that on Windows 10 machines, Internet Explorer is not enabled by default and needs to go through a user-initiated setup process before it can be used.

The solution then, at least if you’ve got a Windows 10 machine, is simply to avoid enabling Internet Explorer or, even better, simply uninstall it from the Control Panel altogether.
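As an added example (not from the original article), the following PowerShell script audits a Windows 10 machine for the points raised above: it reports whether the Internet Explorer 11 optional feature is enabled, shows which program the registry associates with .mht files, and then disables the feature. It assumes a 64-bit Windows 10 build, where IE ships as the optional feature named Internet-Explorer-Optional-amd64, and an elevated (Administrator) prompt.

```powershell
# Added example: audit and remove Internet Explorer 11 on Windows 10.
# Run from an elevated (Administrator) PowerShell prompt.
# Assumption: 64-bit Windows 10, where IE is the optional feature below.
$feature = 'Internet-Explorer-Optional-amd64'

# 1. Report whether the IE 11 feature is currently enabled.
$ie = Get-WindowsOptionalFeature -Online -FeatureName $feature
Write-Host "IE 11 feature state: $($ie.State)"

# 2. Show what is registered to open .mht archives, the file type the
#    proof of concept abuses. The default value of HKCR\.mht is a ProgID;
#    that ProgID's shell\open\command key holds the handler command line.
$progId = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.mht' `
           -ErrorAction SilentlyContinue).'(default)'
if ($progId) {
    $cmdKey  = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
    $handler = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
    Write-Host ".mht ProgID:       $progId"
    Write-Host ".mht open handler: $handler"
} else {
    Write-Host 'No .mht file association found.'
}

# 3. Disable the IE 11 feature if it is enabled. Removal completes on reboot.
if ($ie.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName $feature -NoRestart
    Write-Host 'IE 11 feature disabled; reboot to finish removal.'
} else {
    Write-Host 'IE 11 feature is already disabled.'
}
```

Re-run step 2 after the reboot: if the .mht handler still points at Internet Explorer, the association remains and needs to be changed separately.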

Mr. Page reported the issue to Microsoft on March 27, and received the following reply:

“We determined that a fix for this issue will be considered in a future version of this product or service.  At this time, we will not be providing ongoing updates of the status of the fix for this issue and we have closed the case.”

Unfortunately, that’s a canned response that amounts to a dismissal. So for the foreseeable future, you should operate under the assumption that no help will be forthcoming from Microsoft on this issue.  Make sure your IT staff is aware.