Tag Archive for: ‘Bad

Bad password practices. Data scraping and data dumps. Sidestepping privacy protections. No honor among thieves.


At a glance.

  • Password users behaving badly.
  • Implications of the Facebook data dump.
  • Sidestepping Apple privacy policies.
  • Crooks mistreating other crooks.
  • Comment on the LinkedIn data scraping incident.

Passwords: out of sight, out of mind. (And out of control.)

There’s a battle raging between two conflicting forces: the need for secure passwords, and the frailty of human memory. The LastPass Blog explores the results of a recent survey it conducted of two thousand Americans and their password habits. While 70% feel they have too many passwords to remember, on average they use the same password over six sites. And with the surge in remote work meaning most individuals need to access various accounts on multiple devices, 65% experience anxiety when they realize they’re using a device that doesn’t have the password they need. SiliconANGLE notes that, according to the Workplace Password Malpractice Report, 62% of US employees write their passwords down on a piece of paper. TechRadar adds that a whopping 81% store that piece of paper right next to the device the password is meant to protect, and 67% admit they don’t even know where that paper is. Nearly half store their passwords in an unprotected document in the cloud, and troublingly, nearly two-thirds have shared their password with someone via text or email.

What does the Facebook data leak mean for Facebook users?

Now that the Facebook data leak is front-page news, the big question has become, what can users do if they fear they’re among the half-billion individuals exposed? Forbes explores the difficulty of trying to protect oneself in this type of situation. If it were just passwords that were exposed, changing login info would be an easy fix. But these hackers leaked data like names, birthdates, and addresses — things that are difficult to change on a whim — and all for free. 

CyberNews shares the views of several industry experts. “Putting it out for free also provides some cover should anyone try to trace the stolen data back to its source. Yet another explanation could be that a competing criminal element or other entity put the data out there to demonetize it and take value away from the criminals,” said…


Beating the bad bots: Six ways to identify and block spam traffic


Advancements in technology have helped propel us forward, changing the way we work and live our daily lives. However, its rapid adoption has also been put to less savoury uses. We have all seen and participated in those various bot tests that some websites carry out, where we have to select the picture tiles which have particular objects. This is to control the usage of the site and reduce spam traffic.

Spam traffic is used in some cases by cybercriminals to commit scams and fraud and has become a tool for phishing scams and spreading malware. It is problematic as it is inexpensive to create and send. In 2020, spam messages accounted for a colossal 58.71 percent of email traffic as the graph above indicates.

What is a bad bot?


Beating The Bad Bots: Identify and Block Spam Traffic To Boost Your Google Ranking


Advancements in technology have helped propel us forward, changing the way we work and live our daily lives. However, its rapid adoption has also been put to less savoury uses. We have all seen and participated in those various bot tests that some websites carry out, where we have to select the picture tiles which have particular objects. The measure is taken by sites to reduce spam traffic.

(Source: Statista)

Spam traffic is used in some cases by cybercriminals to commit scams and fraud and has become a tool for phishing scams and spreading malware. It is problematic as it is inexpensive to create and send. In 2020, spam messages accounted for a colossal 58.71% of email traffic as the graph above indicates.

It also has a negative impact on your Google ranking. Nobody likes spam traffic, including Google. Once the search engine leader identifies increasing bot traffic on a particular website, it starts penalising the site and pushing its ranking down.

What is a Bad Bot?

There is a range of different bots on the backend of the internet carrying out different types of tasks. Some are harmless, such as the search engine bots used by Google and Bing, which help the service by browsing the internet to make available content that can be useful to users based on search queries.

However, bad bots are used in an entirely different way to serve a different purpose. These include searching sites and scraping data off them to benefit other sites or to sell on, and stealing information and reposting it under a different identity.

Bad Bots also can disturb site metrics as they inflate search results and increase website traffic unnecessarily, leading to slower loading times and unnecessary investments in hardware to maintain the website infrastructure. As we can see from the graph below, in 2019, 24% of traffic emanated from the movement of bad bots.

(Source: Imperva)

They are also able to perform malicious acts on-site, which can damage networks through things such as distributed denial of service (DDoS) attacks. These attacks flood a site with more data than it can handle.

Bad Bots are mostly organised on botnets which are a collection of internet-connected devices that have been…


Cyber Security Today – A new ransomware gang emerges, bad news for cyber crooks and pensioners information exposed


A new ransomware gang emerges, bad news for cyber crooks and pensioners’ information exposed.

Welcome to Cyber Security Today. It’s Wednesday December 23rd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

There’s another sign that ransomware is paying off for cybercriminals: A new group has emerged, according to the Bleeping Computer news site. The gang calls itself Hades, and one of its first victims is a large American freight transportation firm called Forward Air Corporation. The attack occurred on December 15th but the firm only filed a report with the U.S. Securities and Exchange Commission on Monday.

Meanwhile a group of tech companies including Microsoft, McAfee, Rapid7 and Citrix are banding together to fight ransomware. To be called the Ransomware Task Force, it will officially start next month. Its goal is to assess the effectiveness of existing anti-ransomware solutions and create a road map of concrete objectives and actionable milestones fighting ransomware. It hopes to include representatives of government, law enforcement, nonprofits, cybersecurity insurance, and international organizations.

There is another organization of largely European security vendors and police called No More Ransom. It’s a three-year-old project that hosts a number of decryption tools for IT security professionals to use in case their firm is attacked.

Some good news: Police in Europe and the FBI have taken down three websites that offered protected web hosting and virtual private networking encryption often used by criminals for ransomware and other scams. Among crooks these are called bulletproof hosting services, because they ignore complaints about suspicious activity and don’t care who uses them. After taking down the sites police identified and alerted over 250 companies who were being spied on by criminals using the services.

In another move the European police co-operative called Europol announced the launch of a platform to help police unscramble encrypted information lawfully seized in criminal investigations. Police in 24 countries will be able to use the service. Not included is the United…
