Showing posts with label cyber security. Show all posts

Friday, February 23, 2024

Protecting Yourself from QR Code Fraud

via Social Security Administration:

"Quick Response codes, better known as QR codes, are a very popular way to get information. QR codes are scannable barcodes that will direct you to a website.

There are many legitimate and helpful uses for QR codes, from paying for parking to viewing a restaurant menu. But since scammers often use QR codes to carry out their schemes, it’s important for you to learn how to spot a fake!

Scammers create QR codes to trick people into visiting a fraudulent website or downloading malware that compromises their personal information."
Continue reading the article online to get those tips 


Saturday, December 2, 2023

So an online scam is NOT what you ordered?




Consumer Alerts from the Federal Trade Commission

By Kira Krown, Consumer Education Specialist

This time of year, you're probably buying lots of things online. Gifts, decorations, food! 

But what if something you've ordered shows up different than advertised? Or damaged? 

Or never comes at all? If so, you're not alone.

Read more ->  https://consumer.ftc.gov/consumer-alerts/2023/11/so-online-scam-not-what-you-ordered



YouTube video -> https://youtube.com/shorts/yEoeGmIw3l0?si=2bhYpHOEkvZjCB-u



Monday, July 24, 2023

Childhood 2.0: The Living Experiment - A movie screening for parents Weds, July 26 at 5:30 PM

Denise Spencer (@DSpencerFSC) tweeted on Sun, Jul 23, 2023:

"THIS Wednesday night attend the viewing of a documentary on children & internet safety. 
It's certainly a heavy topic, but critically important. Professionals will offer a comforting space for viewing and guide the discussion in an inclusive and solution-focused way."
--------------------

"Parents: Join us for an important film screening of Childhood 2.0, followed by a discussion with Local Parents.

Childhood 2.0 is required viewing for anyone who wants to better understand the world their children are navigating as they grow up in the digital age. Featuring actual parents and kids as well as industry-leading experts in child safety and development, this documentary dives into the real-life issues facing kids today — including cyberbullying, online predators, suicidal ideation, and more." 


Wednesday, January 11, 2023

Tri-County RVTHS Computer Information Systems Students Win Gold and Silver Placement in Statewide CyberPatriot Competition

Tri-County Regional Vocational Technical High School CIS sophomores and juniors competed in the state round of the CyberPatriot competition in December. CyberPatriot is an educational program created by the Air & Space Force Association to inspire K-12 students toward careers in cybersecurity or other science, technology, engineering, and mathematics (STEM) disciplines that are critical to our nation’s future. At the core of the program is the National Youth Cyber Defense Competition, the nation’s largest cyber defense competition that tasks middle and high school students nationwide to secure virtual networks.

The statewide competition was held on December 9, 2022 and two teams from Tri-County RVTHS placed in the Silver and Gold Level of the State Competition. The Competition is comprised of several rounds and teams are slotted into Silver, Gold, or Platinum tiers after the first two rounds. Sophomores: Conor Cadorette from Franklin, Corey Ball from Medway, William Godfrey from Seekonk, John Raymond from Franklin, and Cayden Bourassa from Seekonk placed 1st in the Silver Level and will move on to semi-final regionals to be held January 20th and 21st. Juniors: Tristan Poirier from North Attleboro, James O’Brien from North Attleboro, Noah Renner from Norfolk, Troy Casto of Seekonk, Sean Vengren of Walpole, and Cameron Jones of Plainville placed 8th in the Gold Level.

Back Row: (L to R) William Godfrey (Seekonk)   Corey Ball (Medway)   Conor Cadorette (Franklin) Seated: (L to R) Cayden Bourassa (Seekonk)  John Raymond (Franklin)


The CyberPatriot competition allows students to gain hands-on experience in securing a virtual network. Students are asked to find and fix cybersecurity vulnerabilities in virtual operating systems; then, using a proprietary competition system, teams are scored on how secure they make the system. “The CyberPatriot Competition is an opportunity for students to apply the knowledge they have gained in the classroom to a simulated real-world situation. Students gain experience and confidence through the program which is invaluable,” stated Kimberly Zogalis, CIS Instructor.

For more about Tri-County visit their page ->  https://tri-county.us/

Saturday, November 27, 2021

Washington Post: "Be on guard for free-shipping deals that could end up being fake"

"It wasn’t just the pandemic that pushed more people online. Long before COVID, more shoppers decided to skip the crowds and simply click for their holiday gifts.

And I get it. I hate shopping — especially during the holidays. There’s the hunt for a parking space, the throngs of customers, the long checkout line at stores with 10 lanes but only three cashiers working the registers.

The old phrase “Shop till you drop” has become more like “Shop till you want to scream.”

So it makes sense that for the first time in Gallup’s look at holiday spending trends, a majority of Americans — 56 percent — say they are very likely to do their Christmas shopping online. That’s up eight percentage points from 2017."
Continue reading the article online. (Subscription may be required)
Be on guard for free-shipping deals that could end up being fake (Wilfredo Lee/AP)


Sunday, November 14, 2021

GOOD DEEDS: Paid Consultant - Not a Cybersecurity Expert


By William P. O'Donnell, Norfolk County Register of Deeds

 

This is part of a series of essays which demonstrate why a much heralded by some Abrahams Study when it comes to the Norfolk Registry of Deeds and Registry Technology is flat out wrong.   Recommendations to eliminate the on-site Registry Chief Information (CIO) and the on-site Registry IT Technology Department which has been an integral part of the Norfolk Registry of Deeds operations for decades is not a sound policy.  These misguided recommendations from a paid consultant who never visited the Norfolk Registry of Deeds do not recognize the role the Registry IT Technology Department has had on modernization initiatives that have benefited Registry users and Norfolk County residents.

 

A Register of Deeds is tasked to run the Registry of Deeds by state law and the voters.  The Norfolk Registry of Deeds is a place where land records from the deed to your home and business, from the homestead that protects your home to the mortgage discharge that tells the world your loan has been paid off all are recorded.  During the last fiscal year over 205,000 land record documents got recorded and processed by the Norfolk Registry of Deeds.  These recordings could not be done without a dedicated staff.  But it also could not be accomplished without using technology as well as the expertise and knowledge of the Registry IT Technology Department.  As Register of Deeds it is my fiduciary duty to fight these bad policy recommendations on behalf of home and business owners who rely on the land records and data at the Registry of Deeds for the legal title to those homes and businesses.  There are frauds going on now as it is that involve stealing the legal title to homes and property. Imagine what would happen at the Norfolk Registry of Deeds if there was no on-site Registry IT Technology Department to at least battle the cybersecurity predators and criminals.

 

State law requires monies to be collected by all 21 of the Registries in Massachusetts.  The Norfolk Registry of Deeds collected over 81 million dollars during the last fiscal year in the midst of the COVID-19 pandemic.  These monies got collected using technology.  If there is no on-site Registry IT Technology Department what could happen to this money which comes back to cities and towns in the form of local aid, public safety, educational reimbursements as well as social services programs?  If there is no on-site Registry IT Technology Department in the Registry building working with and helping Registry staff collect Community Preservation Act (CPA) funds through the use of technology what could happen to those Community Preservation Act projects in the cities and towns of Norfolk County?  Nothing good is coming out of this “Abrahams recommendation” as there are too many possible bad outcomes that could take place without a robust on-site Registry IT Technology Department.

 

The report of consultant, Mark Abrahams, who never came by the Norfolk Registry of Deeds as part of his study, just does not properly recognize the role the Registry IT Technology Department has in the overall scheme of operations at the Norfolk Registry of Deeds.  Does anyone think in five years there is going to be less technology in protecting the land records that authenticate the title to your home or in providing services to Registry users, departments in county municipalities and the general public?  Technology will continue to transform and be an integral part of our day to day society.  Another question that needs to be answered is why make a recommendation to get rid of a 2 permanent person Registry IT Technology Department in this age of cybersecurity attacks and ransomware? There is a newly appointed legislative committee at the Massachusetts State House that is examining cybersecurity and the tremendous costs in terms of money and operations on towns, businesses, even a local ferry system that have been victims of cybersecurity intrusions and breaches. Paid consultant Mark Abrahams missed the boat on his study of the Norfolk Registry of Deeds and its IT Technology Department.  It is crucial that the Norfolk County Commissioners recognize this and do not implement the Abrahams recommendations as it relates to the Norfolk Registry of Deeds.

 

Another compelling reason to totally disregard Mark Abrahams’ IT Technology recommendations is that right in his report Mr. Abrahams states “IT security is not part of our scope.” How can someone in this day and age of cybersecurity breaches and ransomware be making any IT Technology recommendations when you did NOT look at IT security? It would be a dereliction of duty amounting to negligence, some may argue gross negligence, to act on IT Technology recommendations at the Norfolk Registry of Deeds made by a paid consultant where “IT security is not part of our scope.” What is at stake is the land records and data that are used to authenticate the legal real estate title to your home as well as your business.  The biggest asset most of us have is our home.  This asset is too valuable to act on recommendations of a paid consultant who also wrote “…we are not security experts, however cybersecurity and disaster recovery came up in our interviews and meetings.”  Mark Abrahams and his assistant who looked at “Information Technology” are not proficient in cybersecurity; why should their IT Technology recommendations be followed?

 

Some may argue you should not be even making any IT Technology recommendations in this day and age without assessing cybersecurity.  In courts of law individuals come in to offer opinions on various subject matters.  However, before these persons give an opinion to a jury a judge would examine their credentials to be an “expert” and give an opinion.  Who can forget the trial court scene when Joe Pesci as criminal defense attorney Vinny Gambini was trying to qualify Marisa Tomei as Mona Lisa Vito as an automobile expert in the comedy movie “My Cousin Vinny.”  Unlike Mona Lisa Vito in the movie however, Mark Abrahams and his opinions on Information Technology should be disqualified.  This paid consultant is not qualified to give an opinion on Information Technology.  It is not just an unsound decision to just accept Mr. Abrahams’ IT Technology recommendations, it borders on reckless given all the possible negative impacts and bad outcomes that could take place in implementing Information Technology (IT) recommendations made by this paid consultant.

 

The Abrahams IT Registry technology recommendations are not about saving money. The Norfolk Registry IT Technology Department is a 2 permanent persons operation.  Mark Abrahams writes in his report “We feel that from a management perspective, the IT operations are being well run considering the limited staff.” All things being fair and equal those words should end any debate about eliminating the on-site Registry IT Technology Department working at the Registry building for and with Registry staff, Registry users, Norfolk County municipal governments and the general public.

 

If you are as concerned about this matter as I am or have received good service from the Norfolk Registry  of Deeds, please feel free to sign the online petition linked here https://chng.it/YY9MvxNqcq.  


Please contact the three Norfolk County Commissioners that will make this decision. Norfolk County Commissioners, Joseph P. Shea, Chair, Peter H. Collins, Richard R. Staiti 614 High Street, Dedham, MA 02026 


Or email them at: JandJSheaquincy@gmail.com, Petercollins@collinsandcollinspc.com, Rrstaiti55@yahoo.com

 

Thank you.



Wednesday, October 13, 2021

The background on QR codes; QR code for Election Collection 2021


"Just open a phone camera, point it at this special type of link and get transported to a website with more information than a paper menu ever offered. Even classically brick-and-mortar businesses like furniture retailers are using QR, or quick response, codes to help shoppers choose what to buy.

But QR codes serve a purpose beyond cutting down on germs. They turn analog interactions — like ordering a pizza — into digital ones, and those digital interactions can be subject to tracking by the restaurant or store. Because QR codes open a browser, companies might use that digital signal to connect the dots between online and offline activity."
Continue reading the article online. (Subscription may be required)
https://www.washingtonpost.com/technology/2021/10/07/are-qr-codes-safe/

The QR Code to get to the "Election Collection 2021" is shown here




Monday, October 4, 2021

60 Minutes "a betrayal of democracy" leads to decision that Franklin Matters Facebook page to go away Dec 1, 2021

60 Minutes (@60Minutes) tweeted at 7:42 PM on Sun, Oct 03, 2021:

"The version of Facebook that exists today is tearing our societies apart and causing ethnic violence around the world," says former Facebook employee Frances Haugen. She points to Myanmar, where the military used Facebook to launch a genocide.
Find the full 60 Minutes segment here -> https://t.co/WU4IumjHkO 

Shared from Twitter: https://t.co/cy9Ed9MgbH




Note: this is a continuation of the revelations about Facebook since the Cambridge Analytica scandal. In 2018 I attempted to remove Franklin Matters updates from Facebook at that time and the readers, followers on Facebook created an uproar so I stayed reluctantly.

As a data security and privacy professional I can no longer condone the Facebook business model. Effective Dec 1, 2021 the Franklin Matters Facebook page will go away. You are given notice to find one of the other options to obtain the valuable information shared but no longer directly by me on Facebook.

Someone can also set up a way to take what I share and share it themselves to Facebook. I have no way to stop that. Folks occasionally do so on their own today.

My personal account will remain on Facebook to maintain my family and network connections. I have limited what is posted and shared in that way and am willing to take the risk to maintain those family connections.

I can no longer take the risk exposing your information in this way. Facebook needs to change and only actions like this will get their attention to do so.

Why Dec 1?
The Franklin election is important and as divisive as Facebook is, for those who depend upon it for info, I will provide some time for them to begin to make their move to one of the alternatives.

If you need or want help setting up email or RSS, I'll offer to schedule a Zoom session (or two) to walk through the process. Let me know if you are interested via email or comment on this post.



Reference points on Facebook data leaks
Mark Hurst's Good Report also has a listing on RSS Readers to add to what I shared here.  https://goodreports.com/post/rss-reader.html

Franklin Matters Facebook page to go away Dec 1, 2021


Sunday, September 26, 2021

If you only do one thing with your privacy settings ...

"There’s probably a little bit of Google in every part of your life. The company hosts a sprawling network of tools and apps we use for everything — from school assignments and work emails, to watching how-to videos and making calls. The good news is that Google has tried to collect its most important privacy settings into one place, which means you can protect your data in Gmail and Google-owned YouTube at the same time.

Google offers a “Privacy Checkup” to get through settings quickly, but defaults to more mild options than we’ve listed below. There are some trade-offs when you limit Google’s data collection, according to the company. Google services that give recommendations might not be as helpful, and any ads you see will be less accurately targeted.

These privacy setting recommendations are based on your Google Account settings on the Web. You can also access them through individual Google apps or your settings on an Android phone by going to Settings → Google (or Google Services)."
Continue reading the article online. (Subscription may be required)
https://www.washingtonpost.com/technology/2021/09/23/google-privacy-settings/



Thursday, September 16, 2021

Passwords may be going away, starting with Microsoft

"You’ve got a lot of passwords to keep track of for your online bank account, insurance company, social media profiles and even your kid’s school software. But starting today, your Microsoft account doesn’t have to be one of them.

The company said Wednesday that it is officially retiring written passwords for personal accounts, including Outlook, OneDrive and Family Safety. Corporate accounts have been eligible for password-free sign-on since March.

The change comes as the entire IT industry rethinks its decades-long reliance on “shared secret” passwords — or the kind you have to remember. People have a tendency to lose and forget them, creating extra costs and headaches for companies and customers alike."
Continue reading the article online. (Subscription may be required)
https://www.washingtonpost.com/technology/2021/09/15/microsoft-passwordless/

Microsoft announced it is rolling out a no-password sign-on system for personal accounts on its Outlook, OneDrive and Family Safety products. (Jeenah Moon/Bloomberg News)


   

Tuesday, June 8, 2021

News of Interest: Amazon implementation raises security issues

"There’s an eyebrow-raising technology buried inside millions of Amazon Echo smart speakers and Ring security cameras. They have the ability to make a new kind of wireless network called Sidewalk that shares a slice of your home Internet connection with your neighbors’ devices.

And on Tuesday, Amazon is switching Sidewalk on — for everyone.

I’m digging into my settings to turn it off. Sidewalk raises more red flags than a marching band parade: Is it secure enough to be activated in so many homes? Are we helping Amazon build a vast network that can be used for more surveillance? And why didn’t Amazon ask us to opt-in before activating a capability lying dormant in our devices?

I recommend you opt out of Sidewalk, too, until we get much better answers to these questions."
Continue reading the article online (subscription may be required)

Monday, March 29, 2021

Vaccine 'passports' (really 'certificates') will be difficult but are in development

"The Biden administration and private companies are working to develop a standard way of handling credentials - often referred to as “vaccine passports” - that would allow Americans to prove they have been vaccinated against the novel coronavirus as businesses try to reopen.

The effort has gained momentum amid President Joe Biden's pledge that the nation will start to regain normalcy this summer and with a growing number of companies - from cruise lines to sports teams - saying they will require proof of vaccination before opening their doors again.

The administration's initiative has been driven largely by arms of the Department of Health and Human Services, including an office devoted to health information technology, said five officials who spoke on the condition of anonymity to discuss the effort. The White House this month took on a bigger role coordinating government agencies involved in the work, led by coronavirus coordinator Jeff Zients, with a goal of announcing updates in coming days, said one official.

.... 

U.S. officials say they are grappling with an array of challenges, including data privacy and health-care equity. They want to make sure all Americans will be able to get credentials that prove they have been vaccinated, but also want to set up systems that are not easily hacked or passports that cannot be counterfeited, given that forgeries are already starting to appear."


Continue reading the article online at the Boston Globe (subscription may be required) 
https://www.bostonglobe.com/2021/03/28/nation/vaccine-passports-are-way-developing-them-wont-be-easy/

Or where it originated with the Washington Post (subscription may be required):  



Thursday, March 11, 2021

Tri-County Regional Vocational Technical High School Participates in CyberPatriot Competition

CyberPatriot is the National Youth Cyber Education Program created by the Air Force Association to inspire K-12 students toward careers in cybersecurity or other science, technology, engineering, and mathematics (STEM) disciplines critical to our nation's future. At the core of the program is the National Youth Cyber Defense Competition, the nation's largest cyber defense competition, that puts high school and middle school students in charge of securing virtual networks.
 
A total of 4,081 teams registered for this year's competition. Teams from the United States, Canada, and the Department of Defense Dependents schools abroad are eligible to participate in CyberPatriot's core program, the National Youth Cyber Defense Competition. The National Youth Cyber Education Program challenges teams of high school and middle school students to find and fix cybersecurity vulnerabilities in virtual operating systems. Using a proprietary competition system, teams are scored on how secure they make the system.

Four teams of six students represented Tri-County in this year's competition. Aiden Mai of Franklin, Kenjiro Mai of Franklin, Alex Comeau of Plainville, Callaghan Killian of North Attleboro, Zachary Belvin of North Attleboro, and Tyler Morrison of Franklin placed first in the Gold Division for Massachusetts.

The second team of Ryan Leber of North Attleboro, Jason Conti of Walpole, Christopher Zajac of Franklin, Christopher Virkaitis of North Attleboro, Gabriel Corey of Franklin, and Joshua Bellunduno of Franklin placed third in Massachusetts for the Platinum Division.

All teams worked hard; there were three rounds of competition. The State round being the one we participated in in January. Virtual National Finals will be held March 19-21, 2021.

Congrats to all. 

 



Tuesday, February 23, 2021

New York Times: "Why Was SolarWinds So Vulnerable to a Hack?"

Security expert Bruce Schneier writes about the SolarWinds hack in the New York Times:

"There are two problems to solve. The first is information asymmetry: Buyers can’t adequately judge the security of software products or company practices. The second is a perverse incentive structure: The market encourages companies to make decisions in their private interest, even if that imperils the broader interests of society. Together these two problems result in companies that save money by taking on greater risk and then pass off that risk to the rest of us, as individuals and as a nation.

The only way to force companies to provide safety and security features for customers and users is with government intervention. Companies need to pay the true costs of their insecurities, through a combination of laws, regulations and legal liability. Governments routinely legislate safety — pollution standards, automobile seatbelts, lead-free gasoline, food service regulations. We need to do the same with cybersecurity: The federal government should set minimum security standards for software and software development."

Continue reading the article online (subscription may be required) 
 
Previous articles on the SolarWinds hack 



Saturday, January 16, 2021

Spear Phishing makes the news (again)

 
"A prominent TV news anchor in India, Nidhi Razdan was looking forward to starting her new job as an associate professor of journalism at Harvard University in September.

Just one setback. Harvard doesn’t have a journalism program.

After months of delays that she attributed to the pandemic, Razdan had a jarring realization: the faculty position, it turns out, doesn’t exist. The offer she thought she had accepted was nothing more than an elaborate ploy to access her personal information, she said."
Continue reading the article online (subscription may be required)
 

Sunday, January 3, 2021

Great summary of the SolarWinds attack, not just on the US

Noted security expert Bruce Schneier writes: 

"Recent news articles have all been talking about the massive Russian cyberattack against the United States, but that’s wrong on two accounts. It wasn’t a cyberattack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world. But it was massive, and it is dangerous. 
Espionage is internationally allowed in peacetime. The problem is that both espionage and cyberattacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn’t at all targeted, the entire world is at risk — and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack. 
Here’s what we know: Orion is a network management product from a company named SolarWinds, with over 300,000 customers worldwide. Sometime before March, hackers working for the Russian SVR — previously known as the KGB — hacked into SolarWinds and slipped a backdoor into an Orion software update. (We don’t know how, but last year the company’s update server was protected by the password “solarwinds123” — something that speaks to a lack of security culture.) Users who downloaded and installed that corrupted update between March and June unwittingly gave SVR hackers access to their networks. 
This is called a supply-chain attack, because it targets a supplier to an organization rather than an organization itself — and can affect all of a supplier’s customers. It’s an increasingly common way to attack networks. Other examples of this sort of attack include fake apps in the Google Play store, and hacked replacement screens for your smartphone."

Continue reading the article online

screengrab of https://www.schneier.com/