Renowned computer security and privacy expert, and this year’s Kritikos Professor, Bruce Schneier gave a lecture at the EMU Ballroom on the UO campus this past Wednesday. Schneier is a board member of both the Electronic Frontier Foundation and the Electronic Privacy Information Center, two organizations dedicated to defending user privacy and civil liberties on the Internet. Schneier also worked with The Guardian to review the documents leaked by former NSA contractor Edward Snowden.
Schneier’s lecture covers the ways in which security enables authorities to remain in power, while at the same time empowering the powerless. As people become increasingly connected on the internet, are we making ourselves more vulnerable by sharing or accidentally exposing our data? In Schneier’s view, data equals power, and the way data is used by various forces is the biggest social issue of the Information Age.
Tech news site CNET has a few educated guesses (and some just plain guesses) about what will be unveiled at the upcoming Apple Worldwide Developers Conference, to be held from June 2 to June 6 in San Francisco. In recent WWDC keynotes, Apple has introduced new software; for example, iOS 7 and OS X 10.9 Mavericks made their first appearance at last year’s conference.
Some sure bets for this year’s conference include the introduction of iOS 8 and OS X 10.10. Other less certain developments include Apple’s own mobile payments system and home automation software (in case you wanted to turn your lights on with your iPhone). While Apple has made new hardware announcements at the WWDC in the past, it has become less common in recent years, making it very unlikely that any new Mac or iPhone models will be presented.
Facebook enjoys giving itself a facelift every few months or so it seems, and its security and privacy settings are no different. Sophos’s Naked Security blog offers five tips to increase the security of your Facebook account, including limiting your Facebook timeline to friends, allowing only friends to message you, and setting up login notifications so you are alerted when your Facebook account is accessed from an unknown computer or device.
The Verge reports that some Australian users of Macs, iPhones and iPads are finding their devices locked by a third party using Apple’s “Find my iPhone” feature. Ransom messages appear on the affected devices, demanding a $50 PayPal payment to relinquish control back to the user. Some users have been able to unlock the devices on their own, while others are getting assistance from Apple and their mobile carriers.
While it’s not clear how the attackers got access to the users’ Apple IDs in order to abuse the “Find my iPhone” remote locking feature, it’s possible that the culprits used information obtained from previous data breaches at eBay, Adobe and other companies. Many users will use the same email address and password for different websites, making them easy victims for online thieves. If you have an Apple ID, now would be a good time to check if you have two-step verification enabled. And, as always, remember to use different passwords for different websites, or use a password manager.
Apple has released a security update for Safari, its native Mac OS X browser, pushing it up to version 7.0.4. The update patches vulnerabilities in Safari that could allow attackers to install malware via maliciously crafted websites.
To check for and download updates, go to the Apple Menu -> Software Update…
OS X versions that are supported by this update are Lion (10.7), Mountain Lion (10.8), and Mavericks (10.9). There is no announcement of an update for Snow Leopard (10.6), which is a possible sign of reduced support for the older operating system. If you are running a Mac with Snow Leopard, please contact CASIT for information on how we can update your Mac to a newer, and more secure, operating system.
The Wall Street Journal’s Digits tech blog recently interviewed Fernando Corbató, an emeritus professor of computer science at MIT, who is credited with implementing the first passwords on a computer system in the early 1960s. With ever increasing reports of major password breaches, it’s worth taking a step back in time with Professor Corbató and the Wall Street Journal:
“He acknowledges the password’s flaws — there seems to be a major breach each month — and the public’s frustrations, having to remember strings of code for dozens of digital accounts. ‘Unfortunately it’s become kind of a nightmare,’ he says.
But at 87 years old today, he isn’t sorry.
Rather, the retired researcher says, the move was pretty logical at the time. Mr. Corbató ran an early computing project at the Massachusetts Institute of Technology. For researchers to have their own accounts, there needed to be a way to separate them. (And give him some credit — no one has developed a widely adopted substitute to the password more than 50 years later.)”
So how does Professor Corbató remember his own passwords? He uses a crib sheet (but is soon switching to an online system).
eBay revealed today that the company suffered a major security breach three months ago, confirming that a database containing encrypted passwords, email addresses, dates of birth, and other customer data, was compromised sometime between late February and early March. eBay has approximately 128 million active users, and it is still unknown how many of these users may have had their data compromised. The company stated that the data did not contain any financial information, and that PayPal, its payment processing service, was not affected as its data is stored on a separate network.
eBay is advising its users to change passwords right away and also to change passwords on other sites where they may use the same log-in credentials. Remember that it is highly recommended to use different passwords for different websites, and that you can use a password manager if you have trouble remembering these passwords.
Ransomware is a type of malware that denies a user access to their computer system, and demands a payment to the creator(s) of the malware in order to return control to the user. This class of malware has been seen on both Windows and Mac OS computers for a few years now, but in recent months it has made the jump to Android smartphones.
The Sophos Naked Security blog has a good article on “Koler”, the most prevalent Android ransomware currently out in the Android ecosystem. The article covers how the ransomware gets onto phones and the recommended way of getting rid of it.
Sophos also offers five simple tips to help deal with Android malware of all types:
- Install a reputable anti-virus program to auto-scan new apps before they run for the first time.
- Be wary of apps offered in ads and pop-ups.
- Keep Android’s default setting of only allowing installs from the Google Play store.
- Store backups of your phone’s important data on other devices.
- Read Sophos’s article about using “Safe Mode”.
In physical security news (as opposed to the digital security news we typically cover), The Verge reported on a crowdfunding campaign for a keyless bike lock designed by cycling tech startup, Velo Labs. Skylock isn’t the first bike lock that allows wireless entry, but it is attractive in design and offers additional features for safer riding and security.
You can use your phone’s Bluetooth signal to unlock Skylock wirelessly; just open the app or approach your bicycle and the lock will open. If you don’t have your phone, you can use Skylock’s built-in keypad instead. Skylock is solar-powered, so there’s no need to replace any batteries. Other features include an accelerometer that detects movement and reports it to your phone, and a “Crash Alert System” that can be set to automatically call emergency services or a friend if you’re involved in a crash.
Currently, the pre-order price for Skylock is $159 and it will be available for use with Android and iOS phones. While it is much more expensive than a traditional bike lock, it might be perfect for gadget lovers and bike lovers alike.
In non-tech news: The University of Michigan’s undergraduate library has installed “napping stations” as part of a pilot program meant to allow students to catch forty winks between long periods of study.
Members of student government and the library administration were concerned about students’ safety and the security of their belongings when they took naps in the library, which is open 24 hours and seven days a week, and proposed creating safe areas for students to take naps up to 30 minutes long.
The napping stations are located in a well-trafficked area to attract students and to be near staff supervision. The library provides students with lockers to secure their possessions, disinfecting wipes to clean the vinyl cots, and disposable pillow cases.
Research shows that napping helps boost alertness and energy, and may give students the recharge they need during those marathon study sessions.