Mozilla And Google Boosts Anti-Tracking And Security

Jason Cooley is Support Services Manager for Tech Experts.

Internet security changes all the time and so does the variety of issues. We have to be sure to run anti-virus, watch out for infections and phishing, and regularly change our passwords just to start the process of being safe on the Internet.

There are people that spend time to create these viruses and other hidden or unwanted system modifications.

While their motivation may not be known (usually money), one of the hazards of using the Internet is dealing with the headaches these things can cause.

On top of regular infections, there are many data gathering processes that can run in the background of your system.

These can be gathering data to send to someone attempting to steal your information. There are also websites that gather data when you visit, login, or create an account.

While there are instances where gathering data is used maliciously as I mentioned, it is also something legitimate sites can be guilty of. In 2019, you may have heard of sites like Google and Facebook gathering information, but what and how much are they gathering? What can you do about it?

Earlier this year, the International Computer Science Institute investigated Google and the Applications linked with its Playstore.

Applications downloaded from Google and the Playstore can gather data, and that can be used to create your Advertising ID. This ID is unique, but is and can be reset.

Many applications were also linking that Advertising ID with the hardware IDs of a device, such as the MAC address. This is forbidden as it allows the data to be permanently stored, even when you erase your history and erase the application data. Google is addressing the issue and already forcing some applications to change its data gathering process.

Google is also stepping up security for mobile devices in another way. Users that are familiar with Chrome and its password storing may know the browser version of Google can suggest a strong password.

This is now coming to mobile devices as well, which will sync security across all devices, prompting you to use a strong and unique password when it is determined your password is weak or frequently used.

Facebook may be the king of data harvesting. I am sure many of you have searched for something on the Internet, then noticed ads on Facebook showing that item. This is part of targeted advertising done by Facebook.

Facebook has the ability to follow you around the web, checking your browser habits and collecting user data anytime you are on a site with a Like or comment section from Facebook attached.

Mozilla Firefox introduced the Facebook Container extension for its browser last year, which keeps Facebook isolated.

While it has been out for awhile, 2.0 was just released, which blocks those sites with the Facebook links from gathering information.

Firefox is stepping up the anti-tracking to another level as well. The browser debuted its new “Enhanced Tracking Protection.” Mozilla teamed up with Disconnect, an open source anti-tracking program to create this new protection that blocks over 1,000 third party websites from gathering data while you browse the Internet.

This feature is enabled by default once the browser is updated to its newest version.

Some may not worry about their privacy online, but for those who do, it’s time to update.

What Are The Top Cybersecurity Trends For 2019?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Several events in 2018 brought cybersecurity to the forefront of public consciousness, as major sectors– from financial institutions to Facebook– were affected by cybercrime.

According to Forbes, 34 percent of US consumers had their personal information compromised in 2018. Security experts and business leaders are constantly looking for ways to keep two steps ahead of hackers.

Cybersecurity trends for 2019 are a popular topic. Here is what’s anticipated this year in the cybersecurity realm.

Tougher regulations
As digital capabilities are rapidly gaining a worldwide foothold, data is becoming our most highly-valued commodity. [Read more…]

Can Anyone Really Track Your Phone’s Precise Location?

It’s 2019 and everyone willingly carries a tracking device in their pockets. People can have their precise locations tracked in real time by law enforcement, the government, and advertising companies. It may sound like dystopian fiction, but it’s a reality.

How law enforcement can track your location
AT&T, Sprint, and T-Mobile all sell data — including geographic locations associated with customer phone numbers — to a variety of sketchy third-party companies. This data, for instance, can be used by the bail bond industry to track people down, sometimes as accurate as a few hundred feet of their location. There’s not much oversight and rogue bounty hunters have access to the data. And this isn’t even a new problem.

Back in May 2018, The New York Times reported that this could happen. After the story broke, cellular carriers promised to do better. AT&T, Sprint, and T-Mobile have all promised to stop selling this data to aggregators. And it appears that Verizon already stopped before the New York Times story.

How the government can track your location
It’s worth emphasizing that the government itself can still get access to your location data from your cellular company. They just need to get a warrant, then serve that to your cellular service provider.

If the technology exists, the government can get access to it with a warrant. It is quite a change from decades ago when the government had no way to track people’s real-time locations with a device that’s nearly always on their person.

The government doesn’t even need to get your cellular company involved. There are other tricks they can use to pinpoint your location with even better accuracy, such as by deploying “stingray devices” near you. These devices impersonate nearby cellular towers, forcing your phone to connect to them.

How advertisers can track your location
It’s not just your cellular carrier. Even if your cellular carrier perfectly safeguarded your data, it’d probably be very easy to track you thanks to the location access you’ve given to apps installed on your smartphone.

As innocuous as they may seem, Weather apps are particularly bad. You install a weather app and give it access to your location to show you the local weather. But that weather app may also be selling your data to the highest bidder. You likely didn’t pay money for your weather app, so the developers will need to make money somehow to keep the lights and servers on.

The city of Los Angeles is currently suing the Weather Channel, saying that its app intrusively mines and sells its users’ location data. Back in 2017, AccuWeather was caught sending its users’ location data to third-party advertisers — even after updating the app to remove that feature.

It’s best to avoid giving third-party apps access to your location. Stop using third-party weather apps and use your phone’s built-in weather app instead.

How your family can track your location
Your phone is capable of determining its location and sharing it in the background, even if the screen is off.

You don’t need to have an app open. You can see this for yourself if you use a service like Apple’s “Find My Friends,” which is included on iPhones. Find My Friends can be used to share your precise real-time locations with family and friends. After you give someone access, they can open the app, and Apple’s servers will ping your phone, get your location, and show it to them. Of course, this is only with your permission, but it just shows how pervasive this technology is.

Inside The United States Of Cybersecurity

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Last year, Alabama and South Dakota passed laws mandating data breach notification for its residents.

The passage meant all 50 states, the District of Columbia and several U.S. territories now have legal frameworks that require businesses and other entities to notify consumers about compromised data.

All 50 states also have statutes addressing hacking, unauthorized access, computer trespass, viruses or malware, according to the National Conference of State Legislatures (NCSL). Every state has laws that allow consumers to freeze credit reporting, too.

While those milestones are notable, there are broader issues when it comes to legislative approaches to cybersecurity across the United States. There are vast discrepancies and differences among states when it comes to cybersecurity protection. [Read more…]

53% Of Businesses Have Publicly Exposed Cloud Services

Chris Myers is a field service technician for Tech Experts.

Malware comes in many different forms and is used by hackers in a number of different ways. It can be used to steal information, locate vulnerabilities in your IT systems for a secondary attack, or simply to cause damage.

There are countless hackers out there just waiting for your business to leave your data vulnerable. With the introduction of the cloud, you felt a bit more secure and slept slightly better at night – but now, it seems that was precisely what hackers wanted us to do.

A recent Cloud Security Trends study found that 53% of businesses using cloud storage accidentally expose their data to the public. This is like securing your whole house, locking all doors and windows, and then going to sleep with the garage wide open.

This doesn’t just point the finger at small businesses either. The study showed that even big-name companies such as Amazon Simple Storage Service (Amazon S3) had inadvertently exposed one or more of these services to the public.

The scary thing is that the previous survey showed this was occurring only 40% of the time. Now, this number has grown to 53%.

This study was conducted in 2017 between the months of June to September. Within those two months, they found that businesses are not only exposing their own data but they are also neglecting vulnerabilities in their cloud. When you ignore these things, you put not only your customers at risk but also the livelihood of your company as well.

What Are You Exposing?
The report shows that businesses weren’t solely leaking data such as customer information, but incredibly dangerous information such as access keys and other private data as well.

These cyber-attacks commonly expose data such as personal health information, financial information, passwords and usernames, trade secrets, and intellectual property. With two million new malware attacks launching every day, it’s more important than ever to stay in a constant state of vigilance.

Ignoring Vulnerabilities
A common misconception is that it’s the service provider’s responsibility to keep cloud data safe – this is not true. Most of the damage caused by ignoring vulnerabilities can be prevented by training.

If your staff is trained to recognize weaknesses, then they can be more proactive in fighting against them. More than 80% of businesses are not managing host vulnerabilities in the cloud. Vulnerabilities include insufficient or suspicious credentials, application weaknesses, and inadequate employee security training.

Complex Attacks
Not all the attacks and vulnerabilities are the fault of the business. Some of these attacks are far more complex than most businesses are prepared for, including big-name companies. These sophisticated attacks not only know and bypass the company’s vulnerabilities but also various application weaknesses.

What Can You Do About It?
The first action you can take against attacks is recognizing suspicious IP addresses. Have a policy in place for identifying, flagging, and isolating suspicious IP addresses. Spending a few extra minutes of your time could save months of recovery and downtime.

It’s important to pay attention to mistakes that others have made so you don’t suffer the same consequences. Be sure to train and certify the IT staff you already have. Cyberattacks are guaranteed, but what isn’t guaranteed is how prepared your business is to thwart off those attacks.

Virtual Private Networks: What, Who And Why

jared-stemeye

Jared Stemeye is a Help Desk Technician at Tech Experts.

In our modern world, it is tough to come by anyone born within the last two generations who doesn’t use a smart phone, tablet, or other personal computing device daily.

With the ongoing tech revolution comes continuous news of hacked users, mass data collection, and online tracking reported by mainstream news outlets.

This is the reason Virtual Private Networks (VPNs) are becoming a necessity as computer users conduct more and more of their day-to-day lives online.

What Is A Virtual Private Network?
A VPN is a group of computers or networks linked together over an Internet connection. All the information sent or received over the Internet is automatically encrypted when connected to a VPN.

Typically, VPN services offer the highest forms of encryption to protect said data, providing peace of mind for anyone conducting personal or business-related tasks where sensitive information may be present.

As the technology has evolved, VPN applications have become very easy to install and operate. Many of the popular personal-use VPN software developers have made it as simple as installing the app and turning the VPN service on.

Premium VPN services even allow users to choose to mask their IP address, making it appear as though you are accessing the Internet from an entirely different country, which can be quite useful if you do not like your web activity tracked by ad-targeting websites like Facebook or YouTube or your Internet Service Provider.

Who Most Commonly Uses VPNs?
Many different individuals and organizations use VPNs for varying reasons, but the need for a strong layer of security is the fundamental purpose for everyone.

From a business standpoint, VPNs can be easily set up and maintained so that employees can securely access company resources and tools from anywhere on any network or Internet connection without the fear of having sensitive information intercepted.

Further, this encompasses all aspects of a business’ need for security of payroll information, employee and customer information, scheduling, and any other confidential company documentation.

The population of personal VPN users has expanded dramatically in the past year. VPNs are the perfect solution for frequent travelers and those who value their privacy, which has become increasingly difficult to maintain.

Why Should You Use a VPN?
Most of us consider ourselves law-abiding “digizens,” using networks for entertainment, communication and knowledge – but other net users may not be so nice or trustworthy.

A VPN can protect you by concealing your web activities from those with prying eyes under layers of encryption that makes all of your web traffic nearly impossible to intercept or track.

This is especially relevant if you are a frequent user of public Wi-Fi networks, such as your favorite lunch spot or coffee shop. The act of accessing vital information on your devices through a public network is easier than most realize.

Given this, I highly recommend the use of a VPN for your daily Internet use, whether it is personal or professional.

Joining the privatized world of VPNs is an easy and extremely beneficial process.

VPN providers are generally friendly and typically on hand to help should a problem arise.

If you are just getting started with VPNs, consider acquainting yourself more in-depth through a Google search of the top VPN applications and their different features.

Can Employers Ask For Your Facebook Login Info?

A current case that is attempting to define privacy in the era of social media deals with the question of whether your social media account should be visible to current and prospective employers.

The next time you’re asked the typical “name your greatest weakness” interview question, remember it could be much worse: Job seekers applying to Maryland’s Department of Corrections were asked for their Facebook logins and passwords.

Savvy employers already check an applicant’s “digital footprint.” Some companies, like the Maryland Department of Corrections, have gone even further, requesting or even demanding individuals’ social media passwords to look at data not open to the public. Whether this practice is legal remains unclear.

The ACLU filed a written protest in the Maryland case, and the corrections department stopped asking for the information. They then had job candidates log into their Facebook accounts while the hiring manager looked over their shoulder at the Facebook content hidden behind privacy filters.

The officials at the Maryland Department of Corrections said that they did this to make sure job candidates didn’t have any gang affiliations.

The agency told the ACLU it had reviewed the social media accounts of 2,689 applicants and denied employment to seven because of items found on their pages.

One state is banning the practice, and at least 10 other states have bills that have been introduced. A few courts have ruled that such requests violate the federal Stored Communications Act, but the US Supreme Court has not addressed this issue. This legal uncertainty leaves many workers on shaky legal ground.

It’s always good advice to carefully manage the public information posted to your social media sites. For anyone looking to change careers, a review of your privacy settings and friends list is also good advice.

Ensure any sensitive things are limited to your friends (or even a group of just very close friends). It might make sense to have only your basic contact information available to non-friends.

Employers will undoubtedly rely more and more on Internet searches and social networking sites to screen job seekers.

Senators Charles Schumer (New York) and Richard Blumenthal (Connecticut), are planning to ask the Department of Justice to investigate whether employers demanding access to Facebook accounts are violating the law.

In the meantime, review your privacy settings, update so that only the things you want to be available can be seen by the general public.