As reported in VentureBeat on August 3, 2019, Amazon has quietly announced that Alexa users can now opt out of having human reviewers listen to their recordings. The human review is meant as quality assurance that the assistant is doing what it was told, but it also means a person, not just a machine, may be listening in your home.
In a statement provided to VentureBeat about the change, an Amazon spokesperson said:
We take customer privacy seriously and continuously review our practices and procedures. For Alexa, we already offer customers the ability to opt-out of having their voice recordings used to help develop new Alexa features. The voice recordings from customers who use this opt-out are also excluded from our supervised learning workflows that involve manual review of an extremely small sample of Alexa requests. We’ll also be updating information we provide to customers to make our practices more clear.
To disable the ability for humans to hear your recordings taken by Alexa:
A: Let’s start with this: federal cybersecurity guidance (NIST SP 800-53 control MP-7, and the NIST SP 800-171 requirements 3.8.7 and 3.8.8 that flow down to government contractors) directs organizations to control the use of removable media and to prohibit portable storage devices (USB drives, thumb drives, flash drives, SD cards, etc.) that have no identifiable owner. Health care providers and financial organizations commonly adopt the same rule. It should be a mandate within your organization.
There is a reason for this madness.
One of the most common ways a computer gets infected with malware, or a hacker gets a foothold on it, is through a portable external storage device. It can happen in dozens of ways; a few examples:
The storage device was compromised at the factory (this has happened numerous times).
The storage device was left on the ground by a criminal, who knows that a large share of the people who find it will plug it in to see what is on it (studies of deliberately dropped drives have found well over a third do).
The storage device was attached to another computer that was already compromised, and that computer infected it.
The storage device is not storage at all: so-called USB killer devices charge capacitors from the port and discharge high voltage back into it, destroying the computer, and BadUSB devices present themselves as a keyboard and type commands the moment they are plugged in.
HOW TO WORK WITHOUT PORTABLE EXTERNAL STORAGE
Use cloud storage to share data. Google Drive, Dropbox, Box, etc. are excellent options, and the organization’s account controls (who can see what, and for how long) apply to the files, which a thumb drive cannot offer.
Your IT department should have an air-gapped computer used only for dealing with portable external storage devices. They take the device, plug it into this sacrificial computer, and scan it for problems. If it passes, you may use the device. Keep in mind what the scan can and cannot catch: it finds malicious files, but not a device that is really a keyboard in disguise or a power surge waiting to happen, so the sacrificial machine should be one the organization can afford to lose.
Not meaning to be a hard-ass about it, but really, truly, DO NOT LET PORTABLE EXTERNAL STORAGE TOUCH YOUR COMPUTER (unless it has passed a security audit by your IT staff). Doing so places your computer and the integrity of your company data at high risk, and depending on your organization, may subject it to very hefty compliance violation fines.
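A file-level triage pass of the kind the sacrificial computer would run, as an added example (not MintzIT’s tool or Bitdefender’s scanner): it walks a mounted drive, or a copy of its contents, and flags autorun files, executables, double extensions such as invoice.pdf.exe, macro-enabled Office documents, right-to-left-override tricks in file names, and symlinks, recording a SHA-256 hash for each hit. The sample drive it builds is constructed for the demo, and `run_demo` assumes a writable temporary directory. It complements rather than replaces an anti-malware scan, and it cannot see hardware tricks such as a drive that is really a keyboard.

```python
"""Removable-media triage for the sacrificial, air-gapped scanning machine.

Added example: inspects names, sizes and SHA-256 hashes only; it never opens
or executes anything on the drive. The sample drive is constructed.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Extensions Windows or macOS will run (or hand to a script host) on double-click.
EXECUTABLE_SUFFIXES = {
    ".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1", ".vbs",
    ".js", ".jse", ".wsf", ".hta", ".msi", ".jar", ".lnk", ".app", ".sh",
}
# Office formats that may carry macros.
MACRO_SUFFIXES = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
# Files that older Windows versions act on automatically when a drive is inserted.
AUTORUN_NAMES = {"autorun.inf"}
RTL_OVERRIDE = "\u202e"  # makes "invoice\u202ecod.exe" display as "invoiceexe.doc"


@dataclass
class Finding:
    relpath: str
    size: int
    sha256: str
    reasons: list


def sha256_of(path: Path, chunk: int = 1 << 16) -> str:
    """Hash the file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(path: Path) -> list:
    """Return the reasons a reviewer should look at this file (empty if none)."""
    reasons = []
    name = path.name
    suffixes = [s.lower() for s in path.suffixes]
    if name.lower() in AUTORUN_NAMES:
        reasons.append("autorun file")
    if suffixes and suffixes[-1] in EXECUTABLE_SUFFIXES:
        reasons.append("executable type " + suffixes[-1])
        # "invoice.pdf.exe": a document-looking name hiding an executable suffix.
        if len(suffixes) >= 2 and suffixes[-2] not in EXECUTABLE_SUFFIXES:
            reasons.append("double extension")
    if suffixes and suffixes[-1] in MACRO_SUFFIXES:
        reasons.append("macro-enabled document")
    if RTL_OVERRIDE in name:
        reasons.append("right-to-left override in name")
    return reasons


def scan(root: Path) -> list:
    """Walk the drive without following symlinks and collect findings."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            p = Path(dirpath) / fn
            rel = p.relative_to(root).as_posix()
            if p.is_symlink():
                # A link can point off the drive; do not chase it, just report it.
                findings.append(Finding(rel, 0, "", ["symlink"]))
                continue
            reasons = classify(p)
            if reasons:
                findings.append(Finding(rel, p.stat().st_size, sha256_of(p), reasons))
    return sorted(findings, key=lambda f: f.relpath)


def build_sample_drive(root: Path) -> None:
    """Constructed stand-in for a found thumb drive (contents are dummy bytes)."""
    (root / "photos").mkdir()
    samples = {
        "notes.txt": b"meeting notes",
        "photos/beach.jpg": b"\xff\xd8\xff\xe0 not a real jpeg",
        "Q3 invoice.pdf.exe": b"MZ not a real executable",
        "autorun.inf": b"[autorun]\nopen=Q3 invoice.pdf.exe\n",
        "budget.xlsm": b"PK not a real workbook",
        "invoice" + RTL_OVERRIDE + "cod.exe": b"MZ not a real executable",
    }
    for rel, data in samples.items():
        (root / rel).write_bytes(data)


def run_demo() -> dict:
    """Build the sample drive in a temp dir, scan it, map relpath -> reasons."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_drive(root)
        return {f.relpath: f.reasons for f in scan(root)}


if __name__ == "__main__":
    for rel, reasons in run_demo().items():
        print(f"{rel}: {', '.join(reasons)}")
```

Point `scan()` at the mount point of the quarantined drive (or at a copy made with a read-only mount) and hand the report, hashes included, to whoever signs off on the device; the hashes let you check hits against a threat-intelligence feed without ever running the file.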
Encrypted: The process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot.
Chat: A specific form of electronic communication. Originally containing only text, but in recent years has been upgraded to allow inclusion of images, video, and sound.
Client: The application used by the end-user of the computer or mobile device.
So an encrypted chat client is an application that allows two or more people to share text, and possibly images, sound, and video, among themselves, and keeps others out by encoding the communication. The property to look for is end-to-end encryption, where only the participants’ devices hold the keys and the service operator cannot read the messages.
Examples include Apple Messages, Wire, and Signal. One caveat: Apple Messages is end-to-end encrypted only when both parties are using iMessage; a conversation that falls back to SMS (the green bubbles) is not encrypted.
This has been the assumption within the IT security community ever since voice-response devices hit the market. I have long found the behavior of Apple’s Siri to be suspect. For example, I may provide Siri with a full paragraph of spoken content, and then watch as Siri enters text, removes some text, enters some more text, edits text, and then completes the paragraph. This is not the action of AI, but of a human translator.
In the case of Siri, it can be disabled on both iOS and macOS devices. It is different with Amazon Echo devices. Without voice response, they serve little purpose or value.
For me, personally, I’m leaving my Echo devices (8?!) unplugged until needed.
A: If you are asking about absolutes, no. However, you can dramatically reduce the chance of compromise when opening email:
Use an email provider that scans your mail for malicious content before delivery. This is one reason I favor Google: incoming email is scanned by more than a dozen leading anti-malware engines before it reaches you.
Install quality anti-malware software and keep it updated daily. I’m fond of Bitdefender GravityZone. It updates itself hourly and is consistently among the top three products in its category.
Enable application whitelisting. With this active, only applications you have approved can launch, so malware that is not on your list simply cannot run. The caveat is that an approved program can still be misused: a macro-enabled document opened in an approved Office application, or a script fed to an approved interpreter, runs under that application’s approval, so keep the list short and lock those features down too.
As reported on TechCrunch on January 29, 2019, it appears that, as bad as we thought Facebook was, it has the resources to be far worse.
Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.
Facebook admitted to TechCrunch it was running the Research program to gather data on usage habits, and it has no plans to stop.
Guardian Mobile Firewall’s security expert Will Strafach was asked to dig into the Facebook Research app, and he told us that “If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” It’s unclear exactly what data Facebook is concerned with, but it gets nearly limitless access to a user’s device once they install the app.
Read the original report for more information on all of the apps Facebook is using, and how it is in direct conflict with Apple’s developer rules.
As reported January 17, 2019 on ZDNet <https://www.zdnet.com/article/some-android-gps-apps-are-just-showing-ads-on-top-of-google-maps/>, 19 Android apps have been found to be nothing more than junk that gets in your way.
All of these apps do the same thing–add an advertising layer on top of Google Maps. At least one even has the gall to request payment to remove the ads in Google Maps–ads that wouldn’t exist except for that app itself!
If you have any of these apps installed on your Android device, remove them ASAP. The problem apps include:
The UniFi AC Pro AP features the latest Wi-Fi 802.11ac, 3×3 MIMO technology in a refined industrial design and is ideal for deployment of maximum‑performance wireless networks.
Manage Your Networks from a Single Control Plane
Intuitive and Robust Configuration, Control and Monitoring
Build and expand your network with Ubiquiti Networks® UniFi® Switch, part of the UniFi line of products. The UniFi Switch is a fully managed, PoE+ Gigabit switch, delivering robust performance and intelligent switching for growing networks.
Lucky you, Santa left some IT goodies under our tree!
Ubiquiti UniFi Switch 16 150W SN: 788A20FD84B9 New, in box. The UniFi® Switch delivers robust performance over its 18 independent switching ports. Two SFP ports offer optical connectivity, and 16 Gigabit Ethernet ports offer 802.3af/at PoE+ or 24V passive PoE sharing a total of 150W PoE.
A: An insecure network is an insecure network, regardless of its physical or geographical location.
How unsafe it is depends on your definition.
The biggest issue is the real possibility that your network traffic is being watched. On an open Wi-Fi network, anything sent to a site that is not using HTTPS (usernames, passwords, other sensitive information) can be read by anyone within radio range, which includes some creep in or near the library.
If you are using your own computer, the workaround is a VPN service. It encrypts all of your internet traffic between your device and the VPN provider’s servers, whether the local network is secured or not; the trade-off is that you are now trusting the VPN provider with that traffic instead of the library. I’m fond of NordVPN.
If you are using the library’s computer, you won’t be able to install software, so a VPN and Tor are not available to you. The only alternative is to make sure that any page where you enter sensitive information is encrypted. Browsers display this differently, but you will see either a lock icon in the address field or a URL that starts with https rather than http. Also keep in mind that a shared computer may have been tampered with (a keylogger, for example) before you sat down, so avoid logging in to anything important from it if you can.
A: Sorry, that is simply not possible. Current US government guidance on strong passwords calls for a minimum of 15 characters. Our brains would have a tough time remembering just five such passwords, much less a different one for every website.
The easy solution is to use a password manager to automatically create, store, retrieve, and enter these monsters. I’m fond of LastPass. Super easy, automated, integrates with Android, iOS, macOS, Windows, all major browsers, encrypts passwords at the device, shares the password database among all of your devices, and with the for-fee version, you can share designated passwords with family or staff.
A: This is a topic that books are written about (several by yours truly). Much depends on how high a value target you are (if the NSA is interested in you, good luck), and what you need to use the internet for.
But here is a list to get started:
Use a quality VPN service that also offers Tor within its own network. I’m fond of NordVPN. As the screenshot shows, among NordVPN’s hundreds of servers are some that provide Onion over VPN, meaning your traffic goes to the VPN server first and from there into the Tor network. This is the belt-and-suspenders strategy for anonymizing your web activity: the VPN provider sees your real address but not your destination, and the Tor exit sees your destination but not your real address.
Use a secure email system. I’m fond of ProtonMail. ProtonMail uses OpenPGP (the standard behind PGP/GPG) to encrypt mail end to end between ProtonMail users, and stores every mailbox encrypted with keys the company does not hold, so even ProtonMail administrators cannot read your stored email. Mail to and from outside providers is only encrypted end to end if you set a message password or exchange PGP keys with the recipient.
Run an unmodified copy of the Tails operating system. It installs on a thumb drive and boots from it on most Linux, macOS, or Windows computers. Tails forces all traffic through Tor, spoofs the computer’s MAC address by default, and writes nothing to the computer’s own disk unless you explicitly ask it to, so the session leaves no trace on the host and the host cannot easily be identified. It includes hardened versions of a web browser (Tor Browser), an instant messenger, and an email client.
With over 40 million malware samples waiting to harvest, corrupt, or encrypt your data, anti-malware software is an essential addition to every computer, whatever its operating system. The only anti-malware product we currently recommend is Bitdefender GravityZone for Business.
Starting January 1, 2019, computer users who have the MintzIT version of Bitdefender GravityZone installed will see some much anticipated changes. These can be seen when opening the application:
On-Access. This has always been active. This indicates your anti-malware (anti-virus, anti-trojan, anti-ransomware) is active and scanning every file that is opened.
Traffic Scan. This has been newly added this year. Traffic Scan examines all incoming and outgoing traffic for any malicious code. If it is found, it is blocked from taking any action.
Antiphishing. This has been newly added this year. This feature examines every website visited. It prevents users from inadvertently disclosing private or confidential information to online fraudsters. Instead of the phishing web page, a special warning page is displayed in the browser to inform the user that the requested web page is dangerous.
We have extended protection to other types of scams besides phishing. For example, websites representing fake companies, which do not directly request private information, but instead try to pose as legitimate businesses and make a profit by tricking people into doing business with them.
If you find that a legitimate website is being blocked by Bitdefender, please call our office 505.814.1413, and we can whitelist the site.
Get Bitdefender
If you don’t currently have Bitdefender protecting your computers, this is a great time to do so. MintzIT will install Bitdefender GravityZone for a yearly subscription of $36 per computer, plus $37.50 installation labor fee. Call 505.814.1413 x 1 and we will perform the installation while you call!
It is visible to the front desk staff, management, and leadership, almost all of it in unencrypted form.
Unless you are staying at some shady facility, you will be asked for a driver’s license or other ID in order to check in, and in many places the law requires it. With your state-issued ID in hand, the hotel sends your information to its ownership (some other multinational corporation), where it is monetized for sales and marketing.
It is likely sold to other advertisers.
Not to mention that local, state, and federal law enforcement have free access to this information.
All. That. Said…
If one thinks they have to concern themselves with security and privacy at the level of hotels, it’s time to wake up! They are several blocks back in the line of people and organizations sniffing through your data.
A: If someone came to you asking for $1000, the keys to your car, and your credit card, you would probably want to know what they were using them for. Not so different for your school and work.
When you are at school or work, you may be using their computers, software, hardware, network, or broadband. These are valuable resources that must be shared among all users.
Imagine if a few people decided to watch streaming 4K movies using these resources. A 4K stream can consume up to 15 Mb/s. If the school or workplace has a 50 Mb/s Internet connection, three people streaming will choke out all other use.
There is a darker side to this issue as well. Schools and workplaces have a legal responsibility to ensure their resources are being used – for lack of better phrasing – for good, and not evil. If a student or employee is conducting illegal activities using the school or work resources, everyone gets caught up in the legal process.
A: According to NIST (the federal agency that writes cybersecurity best practices), there is no longer any recommendation to expire passwords on a schedule; NIST SP 800-63B now says verifiers should not require periodic changes. That doesn’t make changing a password a bad idea; it means calendar-based rotation is no longer recommended, and the trigger NIST does endorse is a known or suspected compromise.
The recommendations for passwords are:
Use a different password for every site and service.
Use only strong passwords, meaning long ones: 15 characters or more is the rule of thumb used here (NIST’s own floor is 8, and it favors length over forced complexity rules).
Use 2-Factor Authentication whenever it is available.
If an account has been compromised, change the password.
I can hear that voice in the back of your head screaming: “A different password for every site, and a minimum of 15 characters? No way I can remember these!”
Life is far too precious to waste any time remembering passwords. Instead, let technology do it for you with a Password Manager. I’m fond of https://www.lastpass.com. Let the Password Manager create your passwords, remember your passwords, and auto-enter your passwords.
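The two checks above that a password manager automates, length and not-already-breached, as an added example (not LastPass or NIST code): it generates passphrases and random passwords with the operating system’s CSPRNG, and checks a candidate against breach data using the k-anonymity range lookup that Have I Been Pwned’s Pwned Passwords service offers, where only the first five hex characters of the password’s SHA-1 hash would ever be sent. The word list and the range data are constructed for the demo, and `fetch_constructed` stands in for the HTTPS call so the code runs offline; the 15-character floor is this page’s rule, not NIST’s.

```python
"""Password hygiene helpers: generate what a manager would, and check a
candidate against the two rules that matter (length, known-breached).

Added example. The breach check implements the k-anonymity range lookup of
Have I Been Pwned's Pwned Passwords API without touching the network; the
range data and word list below are constructed for the demo.
"""
import hashlib
import secrets
import string

# Constructed word list for the demo. Real generators use a long list such
# as the EFF diceware list so each word carries about 13 bits of entropy.
WORDS = ["anchor", "brisket", "cobalt", "draft", "ember", "fjord", "glyph",
         "harbor", "iodine", "jigsaw", "kestrel", "lumen", "mosaic", "nectar",
         "orbit", "pixel", "quartz", "ripple", "saddle", "tundra", "umber",
         "velvet", "walnut", "xenon", "yonder", "zephyr"]

# Constructed stand-in for the API's reply to GET .../range/5BAA6 (the real
# endpoint is https://api.pwnedpasswords.com/range/<prefix>; the body is one
# "<35-hex-char suffix>:<count>" line per known hash starting with that prefix).
CONSTRUCTED_RANGES = {
    "5BAA6": "\n".join([
        "1E24F3A3FB91C6A2E9B1E2D1C4E8F0B2A7C:2",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",  # sha1("password")
        "1F2A8C4D2E6F1B9A0C3D5E7F9A1B3C5D7E9:17",
    ]),
}


def fetch_constructed(prefix: str) -> str:
    """Offline replacement for the HTTPS call; unknown prefixes return no rows."""
    return CONSTRUCTED_RANGES.get(prefix, "")


def generate_passphrase(n_words: int = 5, sep: str = "-") -> str:
    """Diceware-style passphrase drawn with the CSPRNG, never random.choice()."""
    return sep.join(secrets.choice(WORDS) for _ in range(n_words))


def generate_password(length: int = 20) -> str:
    """Random-character password of the kind a manager stores for you."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def hibp_parts(password: str) -> tuple:
    """Split the upper-case SHA-1 hex digest into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def times_seen(password: str, fetch_range=fetch_constructed) -> int:
    """k-anonymity lookup: send only the prefix, match the suffix locally."""
    prefix, suffix = hibp_parts(password)
    for line in fetch_range(prefix).splitlines():
        if not line.strip():
            continue
        cand, _, count = line.partition(":")
        if cand.strip() == suffix:
            return int(count)
    return 0


def evaluate(password: str, fetch_range=fetch_constructed, min_len: int = 15) -> list:
    """Return the problems with a candidate password (empty list means acceptable)."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    seen = times_seen(password, fetch_range)
    if seen:
        problems.append(f"seen {seen} times in breach data")
    return problems


if __name__ == "__main__":
    for pw in ["password", generate_passphrase(), generate_password()]:
        print(repr(pw), evaluate(pw) or "ok")
```

To use it against the live service, replace `fetch_constructed` with a function that performs the HTTPS GET for the prefix and returns the response body; the password itself, and even its full hash, never leaves the machine.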