Edward Snowden on privacy, a phone scam victim, suspicious browser extensions, and more
Welcome to Cyber Security Today. It’s Wednesday December 4th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To play the podcast click on the arrow below:
I heard surveillance whistleblower Edward Snowden speak via video-link to a conference in Toronto this week. He warned about the erosion of privacy caused not only by governments, but technology companies as well. He complained both aren’t completely upfront about the amount of personal data gathered from citizens. Some might say, ‘Hey, I have nothing to hide.’ Here’s what Snowden said about that: “Privacy isn’t about something to hide. It’s about something to protect: A free and open society where we can be different, where we can have unusual, even heretical ideas and not be judged for them unless they actually harm people … Privacy is about vulnerability, it’s about how much is known about you. And therefore privacy is about power.” My full report on the speech is here.
In his speech Snowden talked about the erosion of trust from questionable data gathering. By coincidence news emerged Tuesday with an example: A researcher has discovered that the browser extensions of Avast and AVG security products have been collecting what he considers is too much data on where users go on the Internet. These extensions get added if you installed Avast or AVG antivirus. Their purpose is to warn users when they visit a phishing website or learn about best offers from web sites. But Mozilla, which develops the Firefox browser, was offended enough to temporarily remove these extensions for collecting data without user disclosure or consent.
Another warning that so-called free giveaways online should be avoided. This one is aimed at people who use the Steam video game distribution service. The news site Bleeping Computer reports hackers are promoting a weekly giveaway. A web site promises a $30,000 award plus free skins for the Counter-Strike game. All you have to do is click the link and log in with your Steam username and password. This game, however, is to capture your credentials. Don’t be fooled by the realistic looking login page. In fact, with luck a warning will pop up that it’s a suspected phishing site. Remember, only log into Steam through steampowered.com.
CBC News reports another victim of a telephone scam. This time the victim lost $4,000 when she believed the caller was from police saying her social insurance number had been compromised and being used for drug purchases and money laundering. She was told to empty her bank account as proof she wasn’t in on it, to use the money to buy Google Play gift cards immediately and give him the card numbers and confirmation codes. In fact the so-called cop insisted he stay on her cellphone while she ran around town buying the cards. What made this seem credible is that her call display showed the phone number of a real police station. One lesson here is call display isn’t always trustworthy. The other is if a policeman or a government official tells you to buy gift cards or empty your bank account, hang up. That’s proof it’s a fraud. Later this month Canadian phone companies will roll out new technology that hopefully will cut down on phone number spoofing.
Users of Kaspersky consumer and enterprise security products, Trend Micro Maximum Security and Autodesk Desktop should make sure they’re running the latest versions of the software. This is because a security vendor called SafeBreach discovered a similar vulnerability in the three companies’ products. Patches have been recently issued.
Finally, note that new versions of Microsoft’s Edge and Firefox browsers are available with better protections.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon