Category Archives: Internet Security

Bitdefender wants to protect your device for just over 7 dollars, but there’s a catch – TechRadar

If you're looking for a great deal on security - Bitdefender has extended its Black Friday sale and its Total Security 2020 platform has never been so cheap.

The company is offering a huge 60% discount, which means you pay only $35.99 (excluding taxes) for a year's protection instead of the usual $89.99.

Thats about $7.20 per device, or just pennies per day, for one of the best security suites on the market.

Bitdefender Total Security 2020 - $35.99 (60% off)

Not only is this one of the cheapest antivirus deals around, it comes from one of the world's biggest security companies. Bitdefender Total Security 2020 is your Swiss Army knife - a security toolkit that also boasts multi-layer ransomware protection on up to five devices. It constantly tracks malware, recording cyberthreat patterns to keep you secure online.

While there is a VPN tool includes, it's not the best in town for a number of reasons - and we believe you'd be much better off using a standalone service such as ExpressVPN.

In a nutshell, you get complete protection across up to five of your devices (Windows, MacOS, iOS and Android). The new version includes webcam and anti-ransomware protection and zero system slowdowns, plus dozens of other features.

Just bear in mind that this deal is only valid for the first year and you will likely pay far more going forward. One way to get around the issue is to use a different email on renewal to pass as a new customer.

We'd recommend leaving the company's Antivirus Plus 2020 and Internet Security 2020 offerings; both of them are fantastic products but will run you $12 and $4 respectively. With Total Security 2020, you get a much better all-rounder with extra device coverage to boot.

See the original post:
Bitdefender wants to protect your device for just over 7 dollars, but there's a catch - TechRadar

How scammers take advantage of stressed-out taxpayers – The Guardian

As the self-assessment tax return deadline looms this week, the pressure is on for millions of self-employed workers and business owners. Getting the paperwork in on time is an annual headache and that pressure may make them more susceptible to scams.

In the last year, HMRC has received 900,000 reports of suspicious phone calls, texts and emails most promising tax rebates. And they are becoming more sophisticated and increasingly convincing.

With a galling similarity to official communications using the same logo and seemingly official reference numbers emails from fraudsters ask recipients to click on a PDF attachment, which then requires them to fill in their bank details.

Calls from numbers which look identical to HMRC are also increasing. They can even include Government Gateway account numbers which makes them very easy to fall for, and infuriating for those who succumb.

We are human, so we can make mistakes. Even cautious people click on malicious attachments or links, says Jake Moore, a specialist at internet security company ESET. As the scams spread to social media, where many people may not be expecting to be contacted about tax details, and via direct messaging through Facebook and WhatsApp, there is one simple rule to remember - HMRC stresses it never uses any social media to offer a tax rebate, or ask for personal or financial information.

The scams do not always come in the enticing form of a promised rebate. Calls can be far more threatening, telling their target they owe money and will be arrested for tax fraud or have their bank account frozen within hours if they dont pay.

Be on the alert for automated calls. Ray Walsh from ProPrivacy.com particularly warns about accepting so-called robocalls, which aim to trick people into pressing a key on their keypad to connect to a caseworker to make a payment. Some have succeeded in adding charges to a victims phone bill simply by making them press a key.

Matthew Singleton, a Manchester-based finance professional, was targeted by scammers shortly before Christmas. He received a call from an 020 number and was taken through security. The scammer knew his name and address and told him he had underpaid his income tax.

They know what the trigger points are, and that if a call or email is out of the blue you can start to get flustered

When Singleton said it was a scam, he was told to Google HMRC and go to the contacts section of the site. The scammer said he would ring back from an 0300 number listed there. My phone then came up with this 0300 number the exact same number as on the HMRC website, says Singleton. He was told he could pay the amount owed more than 4,800 over the phone. There was no way I was doing that. I had not had any documentation. But I was told an arrest warrant would be issued within two hours of the call ending.

Singleton reported the scam to Action Fraud but believes HMRC could do more to increase awareness. When you Google HMRC, why cant it put a warning under its link to explain that this could happen? The safest thing is to warn people that even calls from recognised HMRC phone numbers may not be legitimate.

Joel Lewis, consumer policy manager at Age UK, agrees. I think HMRC should do a bit more to promote the fact these scams exist. We hear a lot about self-assessment deadlines, but not that you need to watch out because there are people pretending to be HMRC, he says.

The chief executive of cyber-security firm DynaRisk, Andrew Martin, says scammers can spoof any number new or old. In the case of text messages, scammers can alter the caller ID field to say HMRC. For phone calls, they alter it to show a number thats the same as another HMRC number.

The problem has led HMRC to work with the telecommunications industry and regulator Ofcom to prevent the cloning of genuine contacts. HMRC says it has seen a 94% reduction of phone scams spoofing genuine numbers since controls were introduced in April 2019. We have put in place pioneering new controls such as DNO [Do Not Originate] to prevent spoofing of the most used inbound helpline numbers, it says. During the past year, the teams work also instigated the removal of 1,921 unique numbers being used by scammers.

It says it is also working to raise awareness of scams via the media: We have a reporting channel which responded to nearly 200,000 calls from customers in the last year, and we maintain dedicated information on HMRC scams on the gov.uk educational pages.

Consumers are advised that if they receive a phone call from someone purporting to be from HMRC, they should end the call and phone back on a verified number. Check the HMRC website or use the number on a letter you have received in the past.

Be aware, however, that scammers can keep phone lines open, which means the original connection remains active even if the consumer has hung up. So always use a different phone to call back or wait 10 minutes if its the same line.

Crucially, HMRC will only contact customers due a refund by post. It will never be by phone, text or email, nor will consumers be asked for their PIN, password or bank details. Its advice is to watch out for spelling mistakes and grammatical errors in emails, as well as the use of threatening and urgent language such as you only have three days to reply.

Lewis says the tactics scammers use can be very effective and well-honed, and that it is important not to rush into anything. They know what the trigger points are for people and that if a call or email is out of the blue you can start to get flustered and make a rushed decision, rather than taking a moment to consider what it is you are being asked to do, he says. Dont respond immediately. There is never a need to do that. Ask for a second opinion from a family member or friend or someone else you trust.

Many phishing emails avoid using a persons name and opt for a generic greeting such as Dear customer. Check the from email address carefully, too. Some use random characters and can be easier to spot, but others may end in hmrc.gov.uk and appear more convincing.

Avoid opening the message and do not click on any links or PDF attachments.

Forward suspicious emails to phishing@hmrc.gov.uk and texts to 60599. You can also contact Action Fraud on 0300 123 2040 Monday to Friday 8am to 8pm or use its online fraud reporting tool, particularly if you have lost money

View original post here:
How scammers take advantage of stressed-out taxpayers - The Guardian

Here’s the Top Cyber-Security Software You Need To Consider Downloading For 2020 – Grit Daily

Only 66% of businesses around the world can say they are truly prepared for nowadays cyber-security threats, according to a study by eSecurity Planet. The good news is that companies have started spending more in IT security in 2019 than in previous years.

But while security seems to be getting better, its still costing companies an average of $3.92 million in data breach damages.

Dont wait till that happens to you before taking action. These tools are a must for those who value their privacy, as well as businesses that dont need the hassle of an expensive data breach any time soon.

Did you know that there are 350,000 new malware (malicious software) types are discovered every day, with the total number of known malware almost reaching 1 billion in 2019? Thats a lot of threats for one piece of software to prevent, and there are certainly areas where using anti-malware wont cut it.

Still, its a much better option than trusting that 100% of your employees will practice due diligence. It only takes one click on a malicious pop-up for your company data to be exposed or deleted, so better play it safe with some great anti-malware recommendations.

As a crucial side note, definitely offer ALL your staff thorough cybersecurity training to prevent such situations in the first place. That includes anybody with Internet access; no exceptions.

According to the Verizon Data Breach Investigations Report (DBIR), over 80% of data breaches happen due to weak or re-used passwords. It can seem daunting requiring employees to remember long, randomized passwords for who knows how many business accounts, especially with the need to change them once in a while. And yes, writing them down on sticky notes is a password leak waiting to happen.

Fortunately, there are plenty of password managers that can do the job for you. Not only can you create strong, completely randomized passwords, but theyll also store them offline behind a master key making it that much harder for hackers to breach your accounts.

Obviously, your master key could become compromised as well, but its no different than a hacker finding out an email password and resetting accounts left and right.

At least the master key is in your hands and you dont have to rely on a third partys cyber-security being up to par. (Anyone remember the 3 billion exposed Yahoo! accounts?)

Virtual Private Networks (VPNs) allow for secure web-browsing and data transfer, especially in work environments heavy in mobile devices. Each of those smartphones, tablets, laptops (and fridges, apparently) can be used as a vulnerable entry point into your organization.

Even the latest Wi-Fi protocols have severe vulnerabilities that arent making things easier for anybody.

VPNs encrypt (obfuscate, essentially) any data sent or received over a network. All that data moves through an encrypted tunnel, ensuring it gets to the right people without being intercepted or tampered with.

VPNs are also quite versatile and can be installed on most devices nowadays. Some can even be set up on the routers themselves, meaning every device connected to that router will benefit from encrypted connections.

However, be wary of running free VPN software in the hopes of cutting costs. Research found that 38% of free VPNs on the Android platform contained malware. Theyre also known to log and sell browsing data to malicious third parties. Youd be better off without a VPN at that point.

Now, using a VPN can be a huge weight off your shoulders, but its no use if your own browser betrays you.

Hopefully, your business isnt part of the 8% whom Microsoft pleaded to stop using Internet Explorer.

Yes, many enterprises still rely on Internet Explorer (IE) today because of its compatibility with legacy hardware and/ or software (especially based on the ActiveX framework). Bad idea. The number of breaches and vulnerabilities associated with using IE today are endless.

But at some point executives should consider an overhaul to their business if its keeping their employees stuck with a vastly unsecure browser.

Sure, the expenses of switching software around might hurt in the short-term theres no way around that. Its still better to act while your organization is smaller in scale, rather than be caught off guard when the inevitable need to upgrade comes along.

Instead, try one of these privacy-focused browsers. Take Brave, for example, automatically upgrades all connections to HTTPS wherever possible, meaning browser-website communications are encrypted.

Ideally, nobody would be visiting HTTP-only websites, but theres still a long way to go for a fully encrypted Internet.

Finally, install an ad-blocking extension for good measure.

Lets be honest, nobody likes ads. Allowing ads might be a decent enough way to support your favorite news site or content creator, but wed all rather find an alternative. Moreover, many ads contain malware, some of which can even activate without being clicked.

This isnt just shady websites were talking about, either. The New York Times, the BBC, AOL and many others have had malware injected into their adverts, leading to users devices getting infected. Its safe to say that your business security is more important than the fraction of a cent these services receive from a single ad view.

uBlock Origin is the clear winning choice in this category. It distinguishes itself by using very few system resources and by not allowing acceptable ads in exchange for advertiser money. In fact, the creator doesnt even accept donations for his work.

Moreover, the extension is open-source, meaning anyone can look behind the scenes to see if there are any potential vulnerabilities in the source code.

Optional: Using a script-blocker like uMatrix in tandem with uBlock Origin allows even more control over what content can be displayed on a webpage. It certainly blocks most vulnerable avenues to infiltrate an employees device, and then the entire network.

On the other hand, the learning curve might be a bit much. Theres a handy guide for uMatrix right here, but uBlock Origin does perfectly fine on its own too.

At the end of the day, protect yourself with the right security tools for you and your organization.

Follow this link:
Here's the Top Cyber-Security Software You Need To Consider Downloading For 2020 - Grit Daily

Limited internet to be restored in Kashmir, no access to social media – Reuters

Srinagar (Reuters) - Limited mobile data services and internet will be temporarily restored in Jammu and Kashmir from Saturday, ending nearly a six month communications lockdown after Prime Minister Narendra Modi withdrew the Muslim majority regions autonomy.

FILE PHOTO: Indian security forces personnel patrol a street in Srinagar January 10, 2020. REUTERS/Danish Ismail

Access will be limited to about 300 whitelisted websites and internet speed would remain low, the local Jammu and Kashmir government said in a notice late on Friday.

However, social media applications that allow peer to peer communication will continue to be banned, it said.

The decision will be reviewed on Jan. 31, the notice added.

The move to restore the services comes days after Indias top court ordered the curbs to be reversed, saying that freedom of internet access is a fundamental right and that its indefinite suspension is illegal.

Modis Hindu-nationalist government has frequently used internet shutdowns as a tool to quell dissent in troubled parts of the country.

It has argued that the blackout was needed to maintain order in the Himalayan region where security forces have been fighting a long-running separatist insurgency encouraged by neighboring Pakistan.

The internet lockdown in Kashmir region since Aug. 5 has severely disrupted the lives of millions, impacting everything from college admissions to bank payments and businesses filing tax returns.

Access will temporarily be allowed to websites of banks like State Bank of India and HDFC, education institutions, news, entertainment sites including Amazon Prime, travel, utilities and food delivery apps like Swiggy and Zomato as well as email and search engines including Google and Yahoo.

While the local government restored limited internet in some parts of the region earlier in January, some people are still struggling to get online.

Nasir Nabi, a student from north Kashmirs Kupwara district, where some services were restored, is pursuing a masters degree through a distance learning course and has been unable to access the universitys website.

Because of the slow internet speed, the 23-year-old has not been able to download the study material or get information about any examinations.

Shameem Ahmad, a shopkeeper from the same region, said he has found it difficult to complete bank transactions as the internet speed is very low and most of the times it fails to process the request.

The internet shutdown in Kashmir, which has been on for more than 150 days, is the longest such outage in any democracy, according to digital rights group Access Now.

Writing by Aditi Shah; Editing by Michael Perry

See more here:
Limited internet to be restored in Kashmir, no access to social media - Reuters

Analyzing AppFolio (NASDAQ:APPF) and Cyren (NASDAQ:CYRN) – Riverton Roll

AppFolio (NASDAQ:APPF) and Cyren (NASDAQ:CYRN) are both computer and technology companies, but which is the superior stock? We will compare the two companies based on the strength of their analyst recommendations, profitability, earnings, valuation, dividends, institutional ownership and risk.

Profitability

This table compares AppFolio and Cyrens net margins, return on equity and return on assets.

Analyst Recommendations

This is a summary of current ratings and recommmendations for AppFolio and Cyren, as provided by MarketBeat.

AppFolio presently has a consensus price target of $87.03, suggesting a potential downside of 30.19%. Cyren has a consensus price target of $3.00, suggesting a potential upside of 134.38%. Given Cyrens stronger consensus rating and higher possible upside, analysts plainly believe Cyren is more favorable than AppFolio.

Volatility & Risk

AppFolio has a beta of 1.18, meaning that its share price is 18% more volatile than the S&P 500. Comparatively, Cyren has a beta of 0.28, meaning that its share price is 72% less volatile than the S&P 500.

Valuation and Earnings

This table compares AppFolio and Cyrens revenue, earnings per share (EPS) and valuation.

AppFolio has higher revenue and earnings than Cyren. Cyren is trading at a lower price-to-earnings ratio than AppFolio, indicating that it is currently the more affordable of the two stocks.

Institutional and Insider Ownership

37.1% of AppFolio shares are held by institutional investors. Comparatively, 52.1% of Cyren shares are held by institutional investors. 42.5% of AppFolio shares are held by company insiders. Comparatively, 54.2% of Cyren shares are held by company insiders. Strong institutional ownership is an indication that large money managers, endowments and hedge funds believe a stock is poised for long-term growth.

Summary

AppFolio beats Cyren on 9 of the 13 factors compared between the two stocks.

AppFolio Company Profile

AppFolio, Inc. provides industry-specific cloud-based software solutions for small and medium-sized businesses in the property management and legal industries. It offers AppFolio Property Manager, a cloud-based software solution for the real estate market that provides property managers of various sizes and tools and services designed to streamline their property management businesses, such as posting and tracking vacancies, leasing vacant properties, and accounting, as well as facilitating tenant, owner, and vendor communications. The company also provides MyCase, a legal practice and case management solution that provides managing calendars, contacts and documents, time tracking, billing and collections, and communicating with clients and sharing sensitive and privileged materials for solo practitioners and small law firms. In addition, it offers Value+ services, such as its Website design, electronic payment services, tenant screening, insurance, contact center, premium leads, and tenant debt collections services. As of December 31, 2017, the company served 11,708 property manager customers; and 9,349 solo practitioners and small law firms. AppFolio, Inc. was founded in 2006 and is headquartered in Santa Barbara, California.

Cyren Company Profile

CYREN Ltd., together with its subsidiaries, provides information security solutions for protecting Web, email, and mobile transactions worldwide. The company operates Cyren Cloud Security, a SaaS security platform, which provides Internet security services, including Web Security that provides the enforcement of Web policy and state-of-the-art threat protection for business users; DNS Security, which allows businesses to protect employees at headquarters, visitors in remote offices, customers at retail stores, or students on a campus; Email Security, a cloud-based secure email gateway; and Cloud Sandboxing that protects businesses against breaches and data loss from threats. It also operates Cyren Threat Intelligence Services, a platform that offers cloud-based cyber threat detection APIs and SDKs to technology and security vendors. The company's threat intelligence services comprise embedded email and Web security services; Endpoint Security, which detects malware on various endpoints, including mobile devices and embedded operating system devices; and advanced threat protection services that comprise tools for combating mobile malware, ransomware, and other Web-borne threats. CYREN Ltd. sells its products through direct and indirect channels, including value added resellers and managed service providers to enterprise customers and original equipment manufacturers. The company was formerly known as Commtouch Software Ltd. and changed its name to CYREN Ltd. in January 2014. CYREN Ltd. was founded in 1991 and is headquartered in McLean, Virginia. CYREN Ltd. is a subsidiary of WP XII Investments B.V.

Receive News & Ratings for AppFolio Daily - Enter your email address below to receive a concise daily summary of the latest news and analysts' ratings for AppFolio and related companies with MarketBeat.com's FREE daily email newsletter.

Original post:
Analyzing AppFolio (NASDAQ:APPF) and Cyren (NASDAQ:CYRN) - Riverton Roll

Protecting Websites from Magecart and Other In-Browser Threats – Security Boulevard

The Rise of Third-Party Scripts

Modern web applications have become increasingly reliant on external code, services and vendors that execute JavaScript code in the browser often referred to as third-party scripts. As a close-to-home example shown below, Akamai executes dozens of scripts to populate our home page. Nearly 70% of these scripts come from outside sources.

Partial Request Map View of http://www.Akamai.com

Source: https://requestmap.herokuapp.com/render/200107_S4_75af286693538a095b33ac5e4740b0b8/

We, like almost all other internet-based businesses, use third-party scripts because they enhance the web experience, are easy to add and modify, promote a consistent web experience and are pre-integrated and maintained by the third parties. In fact, web sites today average 56% third-party scripts (Akamai has 68% third-party).

Source: Security and Frontend Performance, Challenge of Today: Rise of Third Parties, Akamai Technologies and OReilly Media, 2017

Magecart a class of credit card hacker groups using new & more sophisticated attack methods has become the poster child of third-party scripts attacks.

Because third-party scripts come from a myriad of trusted and untrusted sources in a businesss supply chain, the attack surface for web-facing applications has become significantly larger and harder to protect. Sites that use credit card processing are at constant risk in fact out of the tens of thousands of sites hit with Magecart in the last few years, 1 in 5 victims are re-infected, often within months of the last attack.

Source: Sangine Security, 2018. https://sansec.io/labs/2018/11/12/merchants-struggle-with-magecart-reinfections/

Unfortunately, most application protection solutions today have tried to retrofit existing techniques to prevent third-party script threats using firewall and policy controls. When rigorously applied, this approach can restrict open business practices and the advantage of third-party scripts. And, when applied to loosely, can miss a lot of attacks.

The primary way, security teams keep their scripts clean, is via constant script review and testing which is really hard.

Because of this constant, time consuming, invisible challenge for security teams to be able to detect and mitigate third-party script attacks, it often isnt done making injecting malicious code into web pages via third-party Javascripts one of the most popular attack methods for credit card and credential skimming today. In 2019, an average of 4800 websites were compromised from third-party injected code every month, a 78% increase over 2018.

Source: Symantec 2019 Internet Security Threat Report

Page Integrity Manager is designed to discover and assess the risk of new or modified JavaScript, control third-party access to sensitive forms, and enable automated mitigation. The solution fully monitoring the behavior of each JavaScript workload in the session, through a series of detection layer, using machine learning model, heuristics, signatures and risk score model. This advanced approach identifies suspicious and malicious behavior, enable automated mitigation using policy-based controls, and block bad actors using Akamai threat intelligence to improve accuracy.

Akamai will be launching Page Integrity Manager in 2020.

We are inviting customers to participate in a valuable beta project with a working product to help you be protected from malicious scripts.

To learn more, download our Beta Product Brief.

Join our beta program today by contacting your Akamai sales team.

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Mike Kane. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/-QH1Nxqx7Mc/protecting-websites-from-magecart-and-other-in-browser-threats.html

View original post here:
Protecting Websites from Magecart and Other In-Browser Threats - Security Boulevard

Off-campus wireless internet security on par with University – Kent Wired

If not in class or on campus, Kent State students spend their free time surfing the web, browsing social media, streaming TV shows and movies, all while running the risk of their security being breached on the internet provided by their living complexes.

One would assume that off-campus internet might be more prone to being compromised, but it is actually secure enough to the point where the normal user should not have any issues.

Kate Page, a community assistant and resident at Campus Pointe, has not seen any issues involving wireless security.

Most residents register their devices with the Wi-Fi that needs a username and password, but some use the guest one thats open, Page said.

Campus Pointe, who has wireless internet provided by Pavlov Media, has users register their devices with the apartments locked wireless network.

Students feel their online safety using a wireless connection varies from user to user.

Trey Schleifstein, a sophomore business major and current Campus Pointe resident, has yet to see any real threats to his security.

My devices are all logged in to Pavlov Media, so I would say that probably has something to do with it, Schleifstein said.

Schleifstein also acknowledged that everyone has a different experience when it boils down to their safety online, with students more likely to stream content on a Smart TV or computer.

I think it would mostly depend on what people are doing on the internet that would then have the potential to cause harm, Schleifstein said.

Other off-campus housing, like Eagles Landing Apartments, have similar standards and experiences when it comes to dealing with security on their Wi-Fi.

Chris Miller, a property manager at Eagles Landing Apartments, has also not seen any issues regarding the security of the wireless internet his complex provides.

As of right now, we know there havent been any security issues, at least brought to our attention, but I know that Spectrum is the provider from a standpoint of security and preventative security as well, Miller said.

Miller echoed the notion that security is in the hands of those behind the keyboard.

I think a lot of times were not aware of it; its just something weve clicked on and thats opened up another realm allowing us to be attacked from a security standpoint, Miller said.

John Brucker, a sophomore business major and current resident of Eagles Landing, has dealt with suspicious activity that resembled a security breach in the past, with slower speeds and pop-ups.

Resetting my apartments router usually will resolve the issue, Brucker said.

Wi-Fi security, like many other things, can vary from apartment to apartment. With potential liability issues at hand, off-campus housing properties take preventative measures on their end to ensure that Kent State students safety on their wireless internet is not compromised.

Dylan Bowers covers Tech. Contact him at dbowers9@kent.edu.

Original post:
Off-campus wireless internet security on par with University - Kent Wired

The Rise of the Internet of Things | 2020-01-20 – Security Magazine

The Rise of the Internet of Things | 2020-01-20 | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. This Website Uses CookiesBy closing this message or continuing to use our site, you agree to our cookie policy. Learn MoreThis website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.

Continued here:
The Rise of the Internet of Things | 2020-01-20 - Security Magazine

Jeff Bezos Phone Hack Should Terrify Everyone – The New York Times

What Mr. Pierson describes is low-hanging fruit the kind of security flaws that can quickly be fixed with a little knowledge and attention to detail. Even then, he said, it takes time for the true nature of clients vulnerability to sink in. Theyre shocked when we give them their password and tell them where we found it, but it doesnt hit as hard as when we tell them their entire home automation system has been potentially online and viewable for three or five or eight years, he said.

When it comes to a Bezos-style breach potentially at the hands of a nation-states intelligence service high-profile targets would most likely be even less prepared. As Mr. Bezos lengthy investigation into the 2018 attack shows, its difficult to get straight answers even when you have the money and resources to run full forensics.

Of course, its not just wealth that turns somebody into a person of interest for hackers. Journalists, government employees, workers at energy companies and utilities could all be targets for someone. Those who work for financial companies, airlines, hospitals, universities, Hollywood studios and tech businesses are all potentially at risk. You can take steps to secure yourself from corporate data collection by using privacy settings on your phone. And to protect yourself from cyberattacks there are helpful guides you can use that have been vetted by security professionals.

For most of us, the attack against Mr. Bezos isnt the death of privacy, but a reminder of the risks of living a connected life. It should be a moment to think as critically about what you do online as you might in the real world. Invest in a password manager. Turn on dual factor authentication. Be skeptical of any communication that looks out of place.

For the ultrarich and influential, the Bezos hack should be a terrifying revelation. As the former State Department employee and whistle-blower John Napier Tye told me last autumn, For someone whos truly a high-value target, there is no way to safely use a digital device. The stakes are astronomically high. Not just personally, as Mr. Bezos found, but professionally. Company secrets, matters of national security, access to critical infrastructure and the safety of employees could all be compromised by lax security at the top.

The internet has long been thought of as a truly democratic tool, flattening and democratizing the ability to publish and communicate. Its also the great privacy equalizer. Money can buy a lot of things. But on a dangerous internet full of exploits, flawed code, shady actors and absent-minded humans, total, foolproof security is not one of them.

Follow this link:
Jeff Bezos Phone Hack Should Terrify Everyone - The New York Times

Limited internet to be restored in Kashmir, no access to social media – WSAU News

Saturday, January 25, 2020 2:43 a.m. CST

By Fayaz Bukhari

Srinagar (Reuters) - Limited mobile data services and internet will be temporarily restored in Jammu and Kashmir from Saturday, ending nearly a six month communications lockdown after Prime Minister Narendra Modi withdrew the Muslim majority region's autonomy.

Access will be limited to about 300 "whitelisted" websites and internet speed would remain low, the local Jammu and Kashmir government said in a notice late on Friday.

However, social media applications that allow "peer to peer" communication will continue to be banned, it said.

The decision will be reviewed on Jan. 31, the notice added.

The move to restore the services comes days after India's top court ordered the curbs to be reversed, saying that freedom of internet access is a fundamental right and that its indefinite suspension is illegal.

Modi's Hindu-nationalist government has frequently used internet shutdowns as a tool to quell dissent in troubled parts of the country.

It has argued that the blackout was needed to maintain order in the Himalayan region where security forces have been fighting a long-running separatist insurgency encouraged by neighboring Pakistan.

The internet lockdown in Kashmir region since Aug. 5 has severely disrupted the lives of millions, impacting everything from college admissions to bank payments and businesses filing tax returns.

Access will temporarily be allowed to websites of banks like State Bank of India and HDFC, education institutions, news, entertainment sites including Amazon Prime, travel, utilities and food delivery apps like Swiggy and Zomato as well as email and search engines including Google and Yahoo.

While the local government restored limited internet in some parts of the region earlier in January, some people are still struggling to get online.

Nasir Nabi, a student from north Kashmir's Kupwara district, where some services were restored, is pursuing a masters degree through a distance learning course and has been unable to access the university's website.

Because of the slow internet speed, the 23-year-old has not been able to download the study material or get information about any examinations.

Shameem Ahmad, a shopkeeper from the same region, said he has found it difficult to complete bank transactions as the internet speed is very low and most of the times it fails to process the request.

The internet shutdown in Kashmir, which has been on for more than 150 days, is the longest such outage in any democracy, according to digital rights group Access Now.

(Writing by Aditi Shah; Editing by Michael Perry)

View post:
Limited internet to be restored in Kashmir, no access to social media - WSAU News