Security News Bites for the Week Ending Sep 7, 2018
China Using Fake LinkedIn Profiles to Recruit Americans as Spies
US intelligence officials are warning LinkedIn users that China is being “super aggressive” at recruiting Americans with access to government and commercial secrets.
The Chinese are creating fake LinkedIn profiles, friending people and trolling to see if they would be valuable if flipped or conned out of information. The Brits and Germans are seeing similar activity.
Intelligence officials are asking LinkedIn to be more aggressive at terminating offending accounts. Twitter has recently cancelled 70 million accounts.
LinkedIn users should be on alert. Source: The Hill.
Firefox Ups the Advertising War in Version 63
Many web sites that we visit have dozens of trackers on them. For example, the Wall Street Journal has 46 of them on its homepage alone (see below).
Each of these tracker websites needs to be individually contacted and fed information to track us, which increases both the time it takes to load a page and the amount of data that we use. While individually the numbers may be small, if you look at, say, 100 pages in a day and every one of them calls 46 trackers (many don’t), that would be like visiting 4,700 web pages a day, just to read 100.
Firefox, which is owned by the non-profit Mozilla Foundation, unlike Chrome (Google) and Internet Explorer/Edge (Microsoft), doesn’t care much about offending advertisers.
For years now browsers have supported a user-specified DO NOT TRACK flag, and web sites have, pretty much uniformly, ignored the flag and tracked us anyway.
Come version 63 of Firefox, a new feature will be tested, and in version 65 it will become the default.
The feature will block trackers by default. Users will be able to turn the feature off and also unblock one site at a time.
uBlock and uBlock Origin are among the products out there that do similar things, although advertisers can, I think, pay them to get on their “not blocked” list. The difference here is that it is built in, TURNED ON BY DEFAULT – you do not need to buy or install anything.
The ad war just ratcheted up a bit. Source: The Register.
Google Buys Offline Transaction Data from Mastercard
Bloomberg says that Google signed an agreement with Mastercard (and likely other credit card companies) that gives them some access to offline purchases. Both Google and Mastercard say that they don’t know what items you bought, only where, when and how much you spent. They are using this data to give advertisers confidence that their online ads are working, based on showing you an ad and then seeing you go spend money in the advertiser’s store. They are also buying loyalty card data through a different program, and that could provide much more detailed data, including exactly what you bought. Both companies are being tight-lipped about exactly how the program works, so we don’t know precisely what data Mastercard is sharing or how many millions Google paid to get that data. Source: TechCrunch.
Tenfold Increase in Security Breach (Reporting) Since GDPR
British law firm Fieldfisher is reporting that prior to GDPR they were dealing with around 3 breach cases a month and post GDPR they are dealing with one case every day.
This is likely not due to hackers upping their game, but rather companies that would have previously swept a breach under the rug are now reporting it, fearing that 20 million Euro sword aimed at their head if they don’t report and get outed. That outing could be from an employee who disagrees with the idea of keeping a breach secret.
The breaches that Fieldfisher is seeing are both small, technical breaches and larger breaches similar to the British Airways breach this week that compromised 300,000+ credit cards. Source: Computing.
Data on 130 Million Chinese Hotel Guests for Sale on Dark Web
Data on guests of the Chinese hotel chain Huazhu (3800 hotels) is available on the dark web for around $50k (8 bitcoin). The data – 240 million records – includes everything from name, address, phone and email to passports, identity cards and bank account information. Make sure you have a good Internet connection if you buy it – the data is about 140 gigabytes in size. While the Chinese are trying to shut down all forms of cryptocurrency since they can’t control it, that doesn’t stop foreigners from buying the data. Source: Next Web.