Doing shady things - infosec links December 10, 2014

DEA Sets Up Fake Facebook Page in Woman's Name - Bruce Schneier - Schneier on Security

A woman has her phone seized by the Drug Enforcement Agency and gives them permission to look at her phone. Without her knowledge or consent, they steal photos off of the phone (the article says they were "racy") and use it to set up a fake Facebook page in her name.

Verizon's 'Perma-Cookie' Is a Privacy-Killing Machine - Robert McMillian - WIRED

The company—one the country’s largest wireless carriers, providing cell phone service for about 123 million subscribers—calls this a Unique Identifier Header, or UIDH. It’s a kind of short-term serial number that advertisers can use to identify you on the web, and it’s the lynchpin of the company’s internet advertising program. But critics say that it’s also a reckless misuse of Verizon’s power as an internet service provider—something that could be used as a trump card to obviate established privacy tools such as private browsing sessions or “do not track” features.

Be Wary of 'Order Confirmation' Emails - Brian Krebs - Krebs on Security

If you receive an email this holiday season asking you to “confirm” an online e-commerce order or package shipment, please resist the urge to click the included link or attachment: Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities.

This post first appeared on Exploring Information Security.

InfoSec links July 10, 2014

Facebook manipulates 700k users' newsfeeds in secrete study prompting backlash - ABC News Australia

Apparently, Facebook has been manipulating people’s timelines in the interest of SCIENCE! What’s interesting to me is that most of the people I talked to about this, really didn’t have a problem with it. Facebook’s terms of service is certainly going to cover their ass in this instance, but I don’t know that I like the fact that they’re playing with people’s timelines to gauge and emotional reaction. I deleted my Facebook account several months ago, but my wife and several family members and friends are on the site. I’d hate to find out that they’re all pissed off because Facebook is experimenting on them.

How Google Map Hackers Can Destroy a Business at Will - Kevin Poulsen - WIRED

Small businesses beware. Your competition could potentially change information on Google that could impact your business. I would highly suggest managing, or getting someone to manage, your online presence.

Enterprise Social Cyber Attack Inforgraphic - ZeroFox

This is an interesting infographic on how attackers are leveraging social media to phish or get someone to install malware.

This post first appeared on Exploring Information Security.

InfoSec scam links July 9, 2014

Phishy Steam Guard File Steals SSFN - Christopher Boyd - Malwarebytes Unpacked

If you buy stuff from another user on the Steam store be very aware of who you are buying from. Also, if they ask you to install something, don’t do it.

"Tracy Morgan Is Dead" Fake Video in Circulation - Christopher Boyd - Malwarebytes Unpacked

Scammers aren’t just waiting for big news to happen; they’re starting to make their own news in an effort to get you install malware. As the article says, stick to high reputable news sources for stories like these.

Heroes of the Storm Beta Keygen: A Wizard Did It - Christopher Boyd - Malwarebytes Unpacked

Getting into beta is a wonderful feeling. I’ve been lucky enough to get into a few beta programs for games that had yet to be released. Heroes of the Storm is another highly anticipated game that has started a beta program. You can sign up on their official site. Any other site claiming to have keys is likely a scam.

This post first appeared on Exploring Information Security.