Top Three Cyber Security Tips

Ryan Collins, 36, of Lancaster, Pennsylvania, was sentenced on Thursday to 18 months in prison for his role in leaking private nude photos of celebrities he found by illegally accessing their Google and Apple accounts.

He is one of three men who has been convicted of leaking private celebrity photos, and is personally responsible for illegally accessing more than 100 accounts, prosecutors said. In total, the nude photo leak investigation included over 600 victims.

Cyber Security

Between November 2012 and September 2014, Collins pulled off a carefully targeted cyber security attack known as spear phishing. He sent targeted emails to his victims purporting to be from Apple and Google that seemed legitimate and tricked his high-profile targets into handing over their usernames and passwords, according to the U.S. Attorney for the Central District of California.

Once Collins had his target’s username and password, he was able to access their private accounts, steal their photos and in some instances, according to prosecutors, download full backups from the iCloud.

Sometimes, even for celebrities, it is hard to tell if an email is legitimate or not.

Here are some key cyber security tips:

  1. If you receive a suspicious email from a place where you have an account, never click on any links inside of it. Instead, go to the specific service provider’s website and log in from there. You can also make a quick phone call. In any case, most companies will not ask for your username or password through an email.
  2. Once you get to the website, use different passwords for different accounts, and switch passwords often – for banks every three months at least. If you have different passwords and one account gets hacked, the other accounts should be OK.
  3. If you feel confident about opening a link in a non-business-related email – even if it appears to be from a friend – always hover over the link first to see where the link is going before clicking on it. Your friend’s email account may have been hacked.

You could fork out $14,000 or so for a military-grade-secure smartphone to help thwart hackers — but a little cyber security know-how will certainly cost a lot less. There are many, many more hackers just like Mr. Collins who haven’t been caught. Let’s do everything we can to keep them away from our personal, private information.

 

Special thanks to NBC News for their article on the subject.

Hackers Can Access Millions of Smart Phones!

Using a malicious app, hackers could access Android-specific security vulnerabilities from Qualcomm chipsets.hackers, security vulnerabilities, mobile apps, Trust Guard

Since 1993, DEF CON has been holding its annual hacker conventions in Las Vegas. As one of the largest such conventions in the world, security companies like Trust Guard share information about the security (and lack thereof) with online and mobile devices and apps. As one of the oldest such organizations, it is privy to much of the available information concerning security breaches – be they online or, more recently, mobile.

2016 was no different. This year computer security firm Check Point and its mobile threat research team revealed details of what it says are a set of “four vulnerabilities affecting 900 million Android smartphones and tablets that use Qualcomm® chipsets.” They call the set of vulnerabilities QuadRooter.

This type of extensive security problem shows how vulnerable our mobile devices are to security threats from hackers. All it takes it to download the wrong app and, often without even realizing it, our personally identifiable information will have been hacked. If you are using one of the above devices, we suggest you go to your phone distributor or carrier to get the patch to fix the security hole as soon as possible.

QuadRooter vulnerabilities are found in software drivers that ship with Qualcomm chipsets. The drivers, which control communication between chipset components, become incorporated into the Android “builds” that manufacturers develop for their devices. Check Point says that since the vulnerable drivers are pre-installed on devices at the point of manufacture, they can only be fixed by installing a patch from the distributor or carrier. Distributors and carriers issuing patches can only do so after receiving fixed driver packs from Qualcomm.

tg-10year-badge-High DefinitionSome of the latest and most popular Android devices found on the market today use these Qualcomm chipsets, including:

BlackBerry Priv
Blackphone 1 and Blackphone 2
Google Nexus 5X, Nexus 6 and Nexus 6P
HTC One, HTC M9 and HTC 10
LG G4, LG G5, and LG V10
New Moto X by Motorola
OnePlus One, OnePlus 2 and OnePlus 3
Samsung Galaxy S7 and Samsung S7 Edge
Sony Xperia Z Ultra

If you are using one of the above devices, we suggest you go to your phone distributor or carrier to get the patch to fix the security hole as soon as possible. If you have a website, we recommend using Trust Guard’s security scanning software to protect your site from online cyber security threats.

This type of extensive security problem shows how vulnerable our mobile devices are to security threats from hackers. These four vulnerabilities, of course, aren’t all the vulnerabilities. And Qualcomm isn’t the only instigator of chipsets with bugs in them. For all app users, Android, Apple’s IOS, or others, all it takes is to download the wrong app and, often without even realizing it, our personally identifiable information will have been hacked.

Special thanks to Sky Valley Chronicle for much of the information about the vulnerabilities found.

 

 

FBI Asks Apple to Create Hacker-Friendly Software

FBI Apple iPhone Software WarBy now you have heard about the potentially dangerous security issues that could arise should Apple do as requested by the FBI to build a new software, a backdoor into the iPhone – specifically built to can break the encryption system which protects the personal information of every iPhone user.

According to Bruce Sewell, Apple’s chief lawyer in his statement to a congressional committee today that “the FBI is asking Apple to weaken the security of our products. Hackers and cyber criminals could use this to wreak havoc on our privacy and personal safety. It would set a dangerous precedent for government intrusion on the privacy and safety of its citizens.” In essence, if Apple creates this software, our private information would be vulnerable to the government if we deserve it and to hackers if we don’t. To the iPhone user, having Apple create the software is a lose-lose situation. Aren’t hackers doing enough damage online? It’s hard enough for business owners to scan their sites for vulnerabilities that might be accessible to hackers. Such scans, now required to achieve Payment Card Industry (PCI) compliance, ensure our security as consumers as well as the safety of the business owner’s proprietary content. If Apple creates the requested software, no one will be safe from the possibility of getting their phone hacked into. 

When this all started, the FBI argued that all it wanted was access to one little iPhone – but an important iPhone – as it belonged to a terrorist. But if that was the case, it isn’t the case now. Sewell reminded people of this in his opening statement, saying that “building that software tool would not affect just one iPhone. It would weaken the security for all of them.” He continues, “the US government has spent tens of millions of dollars through the Open Technology Fund and other US government programs to fund strong encryption. The Review Group on Intelligence and Communications Technology, convened by President Obama, urged the US government to fully support and not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software.” Encryption is necessary. App developers and app users alike welcome it as our last-ditch effort to keep our privacy and security safe. Sewell says that Apple has “been using it in our products for over a decade. As attacks on our customers’ data become increasingly sophisticated, the tools we use to defend against them must get stronger too. Weakening encryption will only hurt consumers and other well-meaning users who rely on companies like Apple to protect their personal information.”

Forcing Apple to create this software could damage the security of our freedoms and liberties we hold so dear and make us even more vulnerable to thieves and terrorists. Mandating a backdoor encryption software is a very bad idea. It would just give hackers one more income stream and give government even more access into our personal lives.

Read more here.